[node-patches] Change in ovirt-node-iso[master]: Save ovirt-node-tools to be exported for other jobs

rbarry at redhat.com rbarry at redhat.com
Mon Apr 28 14:50:55 UTC 2014


Ryan Barry has uploaded a new change for review.

Change subject: Save ovirt-node-tools to be exported for other jobs
......................................................................

Save ovirt-node-tools to be exported for other jobs

ovirt-node-tools is necessary for child-jobs to run edit-node.
We should export it.

Change-Id: I97e6c539409fec44afac990daae04ef00f116573
Signed-off-by: Ryan Barry <rbarry at redhat.com>
---
A archipel-install.ks
A archipel-pkgs.ks
A archipel-post.ks
A centos6-install.ks
A centos6-minimizer.ks
A centos6-pkgs.ks
A centos6-post.ks
A common-efi.ks
A common-install.ks
A common-manifest.ks
A common-minimizer.ks
A common-nochroot.ks
A common-pkgs.ks
A common-post.ks
A custom-template.ks
A fedora-pkgs.ks
A image-minimizer.ks
M jenkins.sh
A ovirt-node-image.ks
A ovirt-node-iso.ks
A ovirt17-install.ks
A ovirt17-minimizer.ks
A ovirt17-pkgs.ks
A ovirt17-post.ks
A ovirt18-install.ks
A ovirt18-minimizer.ks
A ovirt18-pkgs.ks
A ovirt18-post.ks
A ovirt19-install.ks
A ovirt19-minimizer.ks
A ovirt19-pkgs.ks
A ovirt19-post.ks
A ovirt20-install.ks
A ovirt20-minimizer.ks
A ovirt20-pkgs.ks
A ovirt20-post.ks
A rhevh6-install.ks
A rhevh6-minimizer.ks
A rhevh6-pkgs.ks
A rhevh6-post.ks
A rhevh7-install.ks
A rhevh7-minimizer.ks
A rhevh7-pkgs.ks
A rhevh7-post.ks
A version.ks
45 files changed, 3,619 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node-iso refs/changes/62/27162/1

diff --git a/archipel-install.ks b/archipel-install.ks
new file mode 100644
index 0000000..5130b8e
--- /dev/null
+++ b/archipel-install.ks
@@ -0,0 +1,2 @@
+bootloader --timeout=30 --append="nomodeset check rootflags=ro crashkernel=128M elevator=deadline install quiet rd_NO_LVM stateless=1"
+services --enabled=auditd,ntpd,ntpdate,iptables,network,rsyslog,multipathd,snmpd,ovirt-early,ovirt,ovirt-post,anyterm,collectd,libvirtd,cgconfig,archipel,tuned
diff --git a/archipel-pkgs.ks b/archipel-pkgs.ks
new file mode 100644
index 0000000..4e19845
--- /dev/null
+++ b/archipel-pkgs.ks
@@ -0,0 +1,17 @@
+samba-client
+cifs-utils
+python-setuptools
+archipel-agent
+archipel-agent-action-scheduler
+archipel-agent-hypervisor-geolocalization
+archipel-agent-hypervisor-health
+archipel-agent-hypervisor-network
+archipel-agent-hypervisor-platformrequest
+archipel-agent-iphone-notification
+archipel-agent-virtualmachine-oomkiller
+archipel-agent-virtualmachine-snapshoting
+archipel-agent-virtualmachine-storage
+archipel-agent-virtualmachine-vnc
+archipel-agent-vmcasting
+archipel-agent-vmparking
+archipel-agent-xmppserver
diff --git a/archipel-post.ks b/archipel-post.ks
new file mode 100644
index 0000000..3926197
--- /dev/null
+++ b/archipel-post.ks
@@ -0,0 +1,216 @@
+# just to get a boot warning to shut up
+touch /etc/resolv.conf
+
+# make libvirtd listen on the external interfaces
+sed -i -e 's/^#\(LIBVIRTD_ARGS="--listen"\).*/\1/' \
+   /etc/sysconfig/libvirtd
+
+# set up qemu daemon to allow outside VNC connections
+sed -i -e 's/^[[:space:]]*#[[:space:]]*\(vnc_listen = "0.0.0.0"\).*/\1/' \
+   /etc/libvirt/qemu.conf
+# set up libvirtd to listen on TCP (for kerberos)
+sed -i -e "s/^[[:space:]]*#[[:space:]]*\(listen_tcp\)\>.*/\1 = 1/" \
+   -e "s/^[[:space:]]*#[[:space:]]*\(listen_tls\)\>.*/\1 = 0/" \
+   /etc/libvirt/libvirtd.conf
+
+if [ -x "/etc/sysconfig/anyterm" ]; then
+    cat >> /etc/sysconfig/anyterm << \EOF_anyterm
+    ANYTERM_CMD="sudo /usr/bin/virsh console %p"
+    ANYTERM_LOCAL_ONLY=false
+EOF_anyterm
+
+    # permit it to run the virsh console
+    echo "anyterm ALL=NOPASSWD: /usr/bin/virsh console *" >> /etc/sudoers
+fi
+
+if [ -x "/usr/libexec/qemu-kvm" ]; then
+    echo "qemu-kvm is in /usr/libexec/qemu-kvm... thanks CentOS. Symlinking this"
+    ln -s /usr/libexec/qemu-kvm /usr/bin/kvm
+    ln -s /usr/libexec/qemu-kvm /usr/bin/qemu-kvm
+fi
+
+if [ -x "lib/systemd/system/" ]; then    # configure anyterm
+    rm -rf /etc/systemd/system/default.target
+    ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+
+    # setup ovirt-firstboot multi-user dependency
+    cat >> /lib/systemd/system/ovirt-firstboot.service << \EOF_firstboot
+    [Unit]
+    Description=firstboot configuration program (text mode)
+    After=plymouth-quit.service
+    Before=getty at tty1.service
+
+    [Service]
+    Environment=RUNLEVEL=3
+    ExecStartPre=-/bin/plymouth quit
+    ExecStart=/etc/init.d/ovirt-firstboot start
+    TimeoutSec=0
+    RemainAfterExit=yes
+    Type=oneshot
+    SysVStartPriority=99
+    StandardInput=tty-force
+
+    [Install]
+    WantedBy=multi-user.target
+EOF_firstboot
+
+    systemctl enable ovirt-firstboot.service >/dev/null 2>&1
+    chkconfig --del ovirt-firstboot
+else
+    echo "NO SYSTEMD: using chkconfig for starting ovirt-firstboot"
+    chkconfig --del ovirt-firstboot
+    chkconfig --del ovirt-post
+    sed -i "5i# chkconfig: 2345 97 03" /etc/init.d/ovirt-post
+    sed -i "s/# chkconfig: 2345 99 01/# chkconfig: 2345 98 02/g" /etc/init.d/ovirt-firstboot
+    chkconfig --add ovirt-firstboot
+    chkconfig --add ovirt-post
+    # Hack to make python-sqlalchemy0.7 working on centos. seriously this sucks
+    mv /usr/lib64/python2.6/site-packages/SQLAlchemy-0.7.3-py2.6-linux-$(uname -m).egg/sqlalchemy /usr/lib64/python2.6/site-packages/
+fi
+
+echo "Configuring IPTables"
+# here, we need to punch the appropriate holes in the firewall
+cat > /etc/sysconfig/iptables << \EOF
+# oVirt automatically generated firewall configuration
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+# guest consoles
+-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
+# migration
+-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
+# snmp
+-A INPUT -p udp --dport 161 -j ACCEPT
+#
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
+# archipel
+-A INPUT -p tcp --dport 5222 -j ACCEPT
+-A INPUT -p tcp --dport 6900:6999 -j ACCEPT
+COMMIT
+EOF
+# configure IPv6 firewall, default is all ACCEPT
+cat > /etc/sysconfig/ip6tables << \EOF
+# oVirt automatically generated firewall configuration
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p ipv6-icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+# guest consoles
+-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
+# migration
+-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
+# snmp
+-A INPUT -p udp --dport 161 -j ACCEPT
+# unblock ipv6 dhcp response
+-A INPUT -p udp --dport 546 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
+-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp6-adm-prohibited
+# archipel
+-A INPUT -p tcp --dport 5222 -j ACCEPT
+-A INPUT -p tcp --dport 6900:6999 -j ACCEPT
+COMMIT
+EOF
+
+python -m compileall /usr/share/virt-manager
+
+#Add some upstream specific rwtab entries
+cat >> /etc/rwtab.d/ovirt << \EOF_rwtab_ovirt2
+dirs    /root/.virt-manager
+dirs    /admin/.virt-manager
+EOF_rwtab_ovirt2
+
+# create .virt-manager directories for readonly root
+mkdir -p /root/.virt-manager /home/admin/.virt-manager
+
+echo "Configuring SELinux"
+# custom module for node specific rules
+mkdir /tmp/SELinux
+cd /tmp/SELinux
+cat > ovirt.te << \EOF_OVIRT_TE
+module ovirt 1.0;
+require {
+    type initrc_t;
+    type initrc_tmp_t;
+    type mount_t;
+    type setfiles_t;
+    type shadow_t;
+    type unconfined_t;
+    class file { append mounton open getattr read execute ioctl lock entrypoint };
+    class fd { use };
+    class process { sigchld signull transition noatsecure siginh rlimitinh getattr };
+    class fifo_file { getattr open read write append lock ioctl };
+    class filesystem getattr;
+    class dir { getattr search open read lock ioctl };
+    class socket { read write };
+    class tcp_socket { read write };
+    class udp_socket { read write };
+    class rawip_socket { read write };
+    class netlink_socket { read write };
+    class packet_socket { read write };
+    class unix_stream_socket { read write create ioctl getattr lock setattr append bind connect getopt setopt shutdown connectto };
+    class unix_dgram_socket { read write };
+    class appletalk_socket { read write };
+    class netlink_route_socket { read write };
+    class netlink_firewall_socket { read write };
+    class netlink_tcpdiag_socket { read write };
+    class netlink_nflog_socket { read write };
+    class netlink_xfrm_socket { read write };
+    class netlink_selinux_socket { read write };
+    class netlink_audit_socket { read write };
+    class netlink_ip6fw_socket { read write };
+    class netlink_dnrt_socket { read write };
+    class netlink_kobject_uevent_socket { read write };
+    class tun_socket { read write };
+    class chr_file { getattr read write append ioctl lock open };
+    class lnk_file { getattr read };
+    class sock_file { getattr write open append };
+}
+allow mount_t shadow_t:file mounton;
+allow setfiles_t initrc_tmp_t:file append;
+type ovirt_exec_t;
+init_daemon_domain(unconfined_t,ovirt_exec_t)
+EOF_OVIRT_TE
+cat > ovirt.fc << \EOF_OVIRT_FC
+/etc/rc\.d/init\.d/ovirt-firstboot             -- gen_context(system_u:object_r:ovirt_exec_t)
+/etc/rc\.d/init\.d/ovirt-post             -- gen_context(system_u:object_r:ovirt_exec_t)
+EOF_OVIRT_FC
+make NAME=targeted -f /usr/share/selinux/devel/Makefile
+semodule -v -i ovirt.pp
+cd /
+rm -rf /tmp/SELinux
+
+# Archipel
+echo "[ARCHIPEL] Reactivating the root account"
+passwd -uf root
+
+echo "[ARCHIPEL] Creating the /vm and /stateless folders"
+mkdir -p /vm
+mkdir -p /stateless
+
+
+echo "[ARCHIPEL] Updating the archipel config file to be in stateless mode"
+cat > /etc/archipel/archipel.conf <<EOF_archipelconf
+[GLOBAL]
+stateless_node = True
+EOF_archipelconf
+
+echo "[ARCHIPEL] Update the archipe init.d file"
+sed -i "s/# Required-Start:.*/# Required-Start: ovirt-firstboot/g" /etc/init.d/archipel
+sed -i "/# Required-Stop:.*/d" /etc/init.d/archipel
+sed -i "/# Should-Stop:.*/d" /etc/init.d/archipel
+sed -i "/# Default-Start:.*/d" /etc/init.d/archipel
+sed -i "/# Default-Stop:.*/d" /etc/init.d/archipel
+
+/sbin/service zfs-fuse stop 2>/dev/null
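Review bot: In the `/etc/sysconfig/iptables` heredoc the two archipel rules (`--dport 5222` and `--dport 6900:6999`) come after `-A INPUT -j REJECT --reject-with icmp-host-prohibited`, so they are never reached and those ports stay closed; the ip6tables heredoc repeats the same ordering. Move both ACCEPT lines above the REJECT line in each file. Separately, `passwd -uf root` force-unlocks root even when no password is set, while port 22 is open to any source; nothing in this hunk sets a root password, so confirm one is provisioned elsewhere or drop the `-f`. The libvirtd.conf edit sets `listen_tcp = 1` and `listen_tls = 0` without setting `auth_tcp` in this hunk, so the effective authentication default should be confirmed before the libvirt TCP port is ever opened. The test `[ -x "lib/systemd/system/" ]` uses a relative path and probably should read `[ -d /lib/systemd/system ]`.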
diff --git a/centos6-install.ks b/centos6-install.ks
new file mode 100644
index 0000000..b0fbc3d
--- /dev/null
+++ b/centos6-install.ks
@@ -0,0 +1 @@
+services --enabled=auditd,ntpd,ntpdate,iptables,network,rsyslog,multipathd,snmpd,ovirt-early,ovirt-post,cgconfig,tuned --disabled=netfs,ovirt-awake,libvirt-guests,libvirtd
diff --git a/centos6-minimizer.ks b/centos6-minimizer.ks
new file mode 100644
index 0000000..9e2a998
--- /dev/null
+++ b/centos6-minimizer.ks
@@ -0,0 +1,9 @@
+# RHEL specific image minimization
+droprpm cvs
+droprpm gettext
+droprpm hesiod
+droprpm procmail
+droprpm sendmail
+drop /etc/rc.d/init.d/libvirt-guests
+drop /var/lib/yum
+drop /etc/yum.repos.d/C*
diff --git a/centos6-pkgs.ks b/centos6-pkgs.ks
new file mode 100644
index 0000000..9813ef7
--- /dev/null
+++ b/centos6-pkgs.ks
@@ -0,0 +1,11 @@
+collectd-virt
+libguestfs-winsupport
+qemu-kvm
+# rhbz#641494 RFE - add libguestfs
+libguestfs-winsupport
+ltrace
+# keyboard layout
+system-config-keyboard-base
+vconfig
+aic94xx-firmware
+bfa-firmware
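Review bot: `libguestfs-winsupport` is listed twice, once on the second line and again under the `rhbz#641494` comment. Drop the first occurrence so the entry stays next to the comment that explains why it is pulled in.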
diff --git a/centos6-post.ks b/centos6-post.ks
new file mode 100644
index 0000000..8de943b
--- /dev/null
+++ b/centos6-post.ks
@@ -0,0 +1,170 @@
+# add RHEV-H rwtab locations
+mkdir -p /rhev
+cat > /etc/rwtab.d/rhev << EOF_RWTAB_RHEVH
+dirs    /var/db
+dirs    /var/lib/rhsm
+EOF_RWTAB_RHEVH
+
+# minimal lsb_release for bz#549147
+cat > /usr/bin/lsb_release <<\EOF_LSB
+#!/bin/sh
+if [ "$1" = "-r" ]; then
+    printf "Release:\t$(cat /etc/rhev-hypervisor-release | awk '{print $7}')\n"
+else
+    echo RedHatEnterpriseVirtualizationHypervisor
+fi
+EOF_LSB
+chmod +x /usr/bin/lsb_release
+
+# CPE name rhbz#593463
+cat > /etc/system-release-cpe <<\EOF_CPE
+cpe:/o:redhat:enterprise_linux:6:update2:hypervisor
+EOF_CPE
+
+echo "Configuring IPTables"
+# here, we need to punch the appropriate holes in the firewall
+cat > /etc/sysconfig/iptables << \EOF
+# oVirt automatically generated firewall configuration
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# libvirt tls
+-A INPUT -p tcp --dport 16514 -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+# guest consoles
+-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
+# migration
+-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
+# snmp
+-A INPUT -p udp --dport 161 -j ACCEPT
+#
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
+COMMIT
+EOF
+# configure IPv6 firewall, default is all ACCEPT
+cat > /etc/sysconfig/ip6tables << \EOF
+# oVirt automatically generated firewall configuration
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p ipv6-icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# libvirt tls
+-A INPUT -p tcp --dport 16514 -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+# guest consoles
+-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
+# migration
+-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
+# snmp
+-A INPUT -p udp --dport 161 -j ACCEPT
+# unblock ipv6 dhcp response
+-A INPUT -p udp --dport 546 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
+-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp6-adm-prohibited
+COMMIT
+EOF
+
+# remove errors from /sbin/dhclient-script
+DHSCRIPT=/sbin/dhclient-script
+sed -i 's/mv /cp -p /g'  $DHSCRIPT
+sed -i '/rm -f.*${interface}/d' $DHSCRIPT
+sed -i '/rm -f \/etc\/localtime/d' $DHSCRIPT
+sed -i '/rm -f \/etc\/ntp.conf/d' $DHSCRIPT
+sed -i '/rm -f \/etc\/yp.conf/d' $DHSCRIPT
+
+# prevent node from hanging on reboot due to /etc mounts
+patch -d /etc/init.d/ -p0 << \EOF_halt
+--- halt.orig	2009-12-05 00:44:29.000000000 +0000
++++ halt	2010-03-24 18:12:36.000000000 +0000
+@@ -138,7 +138,7 @@
+     $"Unmounting pipe file systems (retry): " \
+     -f
+ 
+-LANG=C __umount_loop '$2 ~ /^\/$|^\/proc|^\/dev/{next}
++LANG=C __umount_loop '$2 ~ /^\/$|^\/proc|^\/etc|^\/dev/{next}
+ 	$3 == "tmpfs" || $3 == "proc" {print $2 ; next}
+ 	/(loopfs|autofs|nfs|cifs|smbfs|ncpfs|sysfs|^none|^\/dev\/ram|^\/dev\/root$)/ {next}
+ 	{print $2}' /proc/mounts \
+EOF_halt
+
+# rhbz#675868
+# Modify rc.sysinit
+patch -d /etc/rc.d -p0 << \EOF_rc_sysinit
+--- rc.sysinit.orig	2012-08-27 12:59:56.181488153 +0530
++++ rc.sysinit	2012-08-27 13:02:45.554484158 +0530
+@@ -43,7 +43,7 @@
+ fi
+ 
+ if [ -n "$SELINUX_STATE" -a -x /sbin/restorecon ] && __fgrep " /dev " /proc/mounts >/dev/null 2>&1 ; then
+-	/sbin/restorecon -R -F /dev 2>/dev/null
++	/sbin/restorecon -e /dev/.initramfs -R /dev 2>/dev/null
+ fi
+ 
+ disable_selinux() {
+@@ -503,9 +503,9 @@
+ # filesystems are NOT unmounted in single user mode.
+ # The 'no' applies to all listed filesystem types. See mount(8).
+ if [ "$READONLY" != "yes" ] ; then
+-	action $"Mounting local filesystems: " mount -a -t nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2 -O no_netdev
++	action $"Mounting local filesystems: " mount -a -t nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2,noproc,nosysfs,nodevpts -O no_netdev
+ else
+-	action $"Mounting local filesystems: " mount -a -n -t nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2 -O no_netdev
++	action $"Mounting local filesystems: " mount -a -n -t nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2,noproc,nosysfs,nodevpts -O no_netdev
+ fi
+ 
+ # Update quotas if necessary
+EOF_rc_sysinit
+
+# rhbz#675868
+# Modify start_udev
+patch -d /sbin -p0 << \EOF_start_udev
+--- start_udev.orig	2011-03-30 12:32:03.000000000 +0000
++++ start_udev	2011-09-02 17:16:57.954610422 +0000
+@@ -121,7 +121,7 @@
+ 	#/bin/chown root:root /dev/fuse
+ 
+ 	if [ -x /sbin/restorecon ]; then
+-		/sbin/restorecon -R /dev
++		/sbin/restorecon -e /dev/.initramfs -R /dev
+ 	fi
+ 
+ 	if [ -x "$MAKEDEV" ]; then
+EOF_start_udev
+
+# set maxlogins to 3
+echo "*        -       maxlogins      3" >> /etc/security/limits.conf
+
+# rhbz#738170
+patch -d /sbin -p0 << \EOF_mkdumprd
+--- /sbin/mkdumprd.orig	2011-10-06 06:37:49.000000000 +0000
++++ /sbin/mkdumprd	2011-11-01 04:21:19.000000000 +0000
+@@ -583,7 +583,7 @@
+         eth*.*)
+             modalias=8021q
+             ;;
+-        br*)
++        rhevm|br*)
+             modalias=bridge
+             ;;
+         *)
+@@ -756,7 +756,7 @@
+             echo >> $MNTIMAGE/etc/ifcfg-$dev
+             echo "BUS_ID=\"Bonding\"" >> $MNTIMAGE/etc/ifcfg-$dev
+             ;;
+-	br*)
++	rhevm|br*)
+             for j in `ls /sys/class/net/$dev/brif`
+             do
+                 handlenetdev $j
+
+EOF_mkdumprd
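Review bot: None of the four `patch` heredocs (halt, rc.sysinit, start_udev, mkdumprd) checks the exit status, so if the packaged file has drifted from the context lines the hunk is rejected and the image is built without the fix. Whether the enclosing `%post` uses `--erroronfail` is not visible in this file, so an explicit guard is safer, e.g. `patch -d /etc/init.d/ -p0 << \EOF_halt || { echo "halt patch failed" >&2; exit 1; }`. The mkdumprd patch is the only one whose headers carry an absolute path (`--- /sbin/mkdumprd.orig`) together with `-d /sbin -p0`; confirm it applies with the patch version in the build root. `sed -i 's/mv /cp -p /g' $DHSCRIPT` also rewrites every occurrence of `mv ` in dhclient-script and leaves `$DHSCRIPT` unquoted.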
diff --git a/common-efi.ks b/common-efi.ks
new file mode 100644
index 0000000..1d47677
--- /dev/null
+++ b/common-efi.ks
@@ -0,0 +1,81 @@
+# create grub/grub2 efi boot configuation
+
+if [ ! -e $INSTALL_ROOT/sbin/grub2-install ]; then
+    cat > $LIVE_ROOT/EFI/BOOT/BOOTX64.conf <<EOF
+default=0
+splashimage=/EFI/BOOT/splash.xpm.gz
+timeout 30
+hiddenmenu
+title Install / Upgrade ${PRODUCT_SHORT}-$VERSION-$RELEASE
+  kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0
+  initrd /isolinux/initrd0.img
+title Install / Upgrade (Basic Video) ${PRODUCT_SHORT}-$VERSION-$RELEASE
+  kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0 nomodeset
+  initrd /isolinux/initrd0.img
+title Install / Upgrade with serial console ${PRODUCT_SHORT}-$VERSION-$RELEASE
+  kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  console=ttyS0,115200n8
+  initrd /isolinux/initrd0.img
+title Reinstall ${PRODUCT_SHORT}-$VERSION-$RELEASE
+  kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  reinstall
+  initrd /isolinux/initrd0.img
+title Reinstall (Basic Video) ${PRODUCT_SHORT}-$VERSION-$RELEASE
+  kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  reinstall nomodeset
+  initrd /isolinux/initrd0.img
+title Reinstall with serial console ${PRODUCT_SHORT}-$VERSION-$RELEASE
+  kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  reinstall console=ttyS0,115200n8
+  initrd /isolinux/initrd0.img
+title Uninstall
+  kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  uninstall
+  initrd /isolinux/initrd0.img
+EOF
+else
+    cat > $LIVE_ROOT/EFI/BOOT/BOOTX64.conf <<EOF
+set default="0"
+
+function load_video {
+  insmod efi_gop
+  insmod efi_uga
+  insmod video_bochs
+  insmod video_cirrus
+  insmod all_video
+}
+
+load_video
+set gfxpayload=keep
+insmod gzio
+insmod part_gpt
+insmod ext2
+
+set timeout=30
+
+menuentry 'Install or Upgrade ${PRODUCT_SHORT}-$VERSION-$RELEASE' --class fedora --class gnu-linux --class gnu --class os {
+        linuxefi /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0
+        initrdefi /isolinux/initrd0.img
+}
+menuentry 'Install or Upgrade (Basic Video) ${PRODUCT_SHORT}-$VERSION-$RELEASE' --class fedora --class gnu-linux --class gnu --class os {
+        linuxefi /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0 nomodeset
+        initrdefi /isolinux/initrd0.img
+}
+menuentry 'Install or Upgrade with serial console ${PRODUCT_SHORT}-$VERSION-$RELEASE' --class fedora --class gnu-linux --class gnu --class os {
+        linuxefi /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  console=ttyS0,115200n8
+        initrdefi /isolinux/initrd0.img
+}
+menuentry 'Reinstall ${PRODUCT_SHORT}-$VERSION-$RELEASE' --class fedora --class gnu-linux --class gnu --class os {
+        linuxefi /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  reinstall
+        initrdefi /isolinux/initrd0.img
+}
+menuentry 'Reinstall (Basic Video) ${PRODUCT_SHORT}-$VERSION-$RELEASE' --class fedora --class gnu-linux --class gnu --class os {
+        linuxefi /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  reinstall nomodeset
+        initrdefi /isolinux/initrd0.img
+}
+menuentry 'Reinstall with serial console ${PRODUCT_SHORT}-$VERSION-$RELEASE' --class fedora --class gnu-linux --class gnu --class os {
+        linuxefi /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  reinstall console=ttyS0,115200n8
+        initrdefi /isolinux/initrd0.img
+}
+menuentry 'Uninstall' --class fedora --class gnu-linux --class gnu --class os {
+        linuxefi /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  uninstall
+        initrdefi /isolinux/initrd0.img
+}
+EOF
+fi
+cp $LIVE_ROOT/EFI/BOOT/BOOTX64.conf $LIVE_ROOT/EFI/BOOT/grub.cfg
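Review bot: The same kernel argument string is written out fourteen times across the two heredocs, so a change to one boot option (for example `rd.luks=0` or `crashkernel=128M`) has to be repeated in every entry and can silently drift. The heredoc delimiter is unquoted and already expands `$NAME`, so the shared part could be defined once before the `if`, e.g. `KARGS="root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro ..."`, and referenced as `$KARGS` in each `kernel`/`linuxefi` line. `$INSTALL_ROOT` and `$LIVE_ROOT` are unquoted in the test, both redirections and the final `cp`; quote them so a build path containing spaces does not break the script.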
diff --git a/common-install.ks b/common-install.ks
new file mode 100644
index 0000000..c702f48
--- /dev/null
+++ b/common-install.ks
@@ -0,0 +1,86 @@
+lang en_US.utf8
+keyboard us
+timezone --utc UTC
+auth --useshadow --enablemd5
+selinux --enforcing
+firewall --disabled
+# TODO: the sizing of the image needs to be more dynamic
+part / --size 1536 --fstype ext2
+
+# additional default boot parameters
+# Need to use deadline Scheduler for performance, rhbz#647301
+# VM timekeeping: Do not allow C2 state, rhbz#647300
+bootloader --timeout=30 --append="rd.live.check rd.lvm=0 rd_NO_MULTIPATH rootflags=ro crashkernel=128M elevator=deadline install quiet max_loop=256"
+
+# not included by default in Fedora 10 livecd initramfs
+device virtio_blk
+device virtio_pci
+device scsi_wait_scan
+
+# multipath kmods
+device dm-multipath
+device dm-round-robin
+device dm-emc
+device dm-rdac
+device dm-hp-sw
+device scsi_dh_rdac
+
+# add missing scsi modules to initramfs
+device 3w-9xxx
+device 3w-sas
+device 3w-xxxx
+device a100u2w
+device aacraid
+device xhci-hcd
+device aic79xx
+device aic94xx
+device arcmsr
+device atp870u
+device be2iscsi
+device bfa
+device BusLogic
+device cciss
+device cxgb3i
+device dc395x
+device fnic
+device gdth
+device hpsa
+device hptiop
+device imm
+device initio
+device ips
+device isci
+device libosd
+device libsas
+device libsrp
+device lpfc
+device megaraid
+device megaraid_mbox
+device megaraid_mm
+device megaraid_sas
+device mpt2sas
+device mvsas
+device osd
+device osst
+device pm8001
+device pmcraid
+device qla1280
+device qla2xxx
+device qla4xxx
+device qlogicfas408
+device stex
+device tmscsim
+#usb mass storage devices / blade cd devices / similar
+device ums-sddr09
+device ums-realtek
+device ums-sddr55
+device ums-isd200
+device ums-alauda
+device ums-freecom
+device ums-cypress
+device ums-jumpshot
+device ums-onetouch
+device ums-karma
+device ums-usbat
+device ums-datafab
+device ums-eneub6250
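Review bot: `auth --useshadow --enablemd5` selects MD5-crypt as the password hash for accounts on the node; prefer `auth --useshadow --passalgo=sha512` if the authconfig in the target release supports it. `firewall --disabled` is also set here while the post scripts in this change write `/etc/sysconfig/iptables` by hand, so a comment such as `# firewall rules are written in %post, see *-post.ks` would keep a reader from taking this line at face value.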
diff --git a/common-manifest.ks b/common-manifest.ks
new file mode 100644
index 0000000..5e0b30d
--- /dev/null
+++ b/common-manifest.ks
@@ -0,0 +1,52 @@
+%post
+echo -n "Creating manifest"
+# Create post-image processing manifests
+rpm -qa --qf '%{name}-%{version}-%{release}.%{arch} (%{SIGPGP:pgpsig})\n' | \
+    sort > /manifest-rpm.txt
+rpm -qa --qf '%{sourcerpm}\n' | sort -u > /manifest-srpm.txt
+# collect all included licenses rhbz#601927
+rpm -qa --qf '%{license}\n' | sort -u > /manifest-license.txt
+# dependencies
+rpm -qa | xargs -n1 rpm -e --test 2> /manifest-deps.txt
+echo -n "."
+
+# Takes about 4min
+#find / -xdev -print -exec rpm -qf {} \; > /manifest-owns.txt
+# Alternative takes about 8sec, results are slightly different
+{
+    # Get all owned files
+    rpm -qa | while read PKG
+    do
+        rpm -ql $PKG | while read FIL
+        do
+            [[ -e "$FIL" ]] && echo $FIL
+        done | sed "s#\$#\t\t\t$PKG#"
+    done
+    # Get all files on fs and mark them as not owned
+    find / -xdev | sed "s#\$#\t\t\tNot owned by any package.#"
+# Just keep the first occurence of a file entry
+# Unowned files will just occur once,
+# owned once twice (just the firts entry is kept)
+} | sort -u -k1,1 | sed "s#\t\t\t#\n#" > /manifest-owns.txt
+
+
+du -akx --exclude=/var/cache/yum / > /manifest-file.txt
+du -x --exclude=/var/cache/yum / > /manifest-dir.txt
+echo -n "."
+bzip2 /manifest-deps.txt /manifest-owns.txt /manifest-file.txt /manifest-dir.txt
+echo -n "."
+
+%end
+
+%post --nochroot
+# Move manifests to ISO
+mv $INSTALL_ROOT/manifest-* $LIVE_ROOT/isolinux
+echo "done"
+
+# only works on x86, x86_64
+if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
+    if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
+    cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
+    cp /usr/bin/livecd-iso-to-pxeboot $LIVE_ROOT/LiveOS
+fi
+%end
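Review bot: `sort -u -k1,1` splits fields on whitespace, so any path containing a space is keyed on its first word only and distinct files can collapse into one entry in `/manifest-owns.txt`; use the tab as the separator, `sort -u -t$'\t' -k1,1`. The inner loops have the same weakness: `read PKG`/`read FIL` without `-r` and the unquoted `rpm -ql $PKG` / `echo $FIL` mangle names with backslashes, spaces or glob characters, so `while IFS= read -r FIL; do [[ -e "$FIL" ]] && printf '%s\n' "$FIL"; done` is safer. The rpm manifest records `%{SIGPGP:pgpsig}`, but nothing in this hunk fails the build when a package is unsigned; if the manifest is meant to serve as a provenance check, that needs an explicit test.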
diff --git a/common-minimizer.ks b/common-minimizer.ks
new file mode 100644
index 0000000..1eebb3d
--- /dev/null
+++ b/common-minimizer.ks
@@ -0,0 +1,345 @@
+droprpm system-config-*
+keeprpm system-config-keyboard-base
+
+# Needed for selinux-policy generation
+#droprpm mkinitrd
+#droprpm checkpolicy
+#droprpm make
+drop /usr/share/selinux
+droprpm selinux-policy-devel
+
+droprpm gamin
+droprpm pm-utils
+droprpm usermode
+droprpm vbetool
+droprpm ConsoleKit
+droprpm linux-atm-libs
+droprpm mtools
+droprpm syslinux
+droprpm wireless-tools
+droprpm radeontool
+droprpm gnupg2
+droprpm fedora-release-notes
+droprpm fedora-logos
+
+# rhbz#641494 - drop unnecessary rpms pulled in from libguestfs-winsupport
+droprpm fakechroot
+droprpm fakechroot-libs
+droprpm fakeroot
+droprpm fakeroot-libs
+droprpm febootstrap
+
+# cronie pulls in exim (sendmail) which pulls in all kinds of perl deps
+droprpm exim
+droprpm perl*
+keeprpm perl-libs
+droprpm postfix
+droprpm mysql*
+
+droprpm sysklogd
+# pam complains when this is missing
+keeprpm ConsoleKit-libs
+
+# kernel modules minimization
+
+# filesystems
+drop /lib/modules/*/kernel/fs
+keep /lib/modules/*/kernel/fs/ext*
+keep /lib/modules/*/kernel/fs/mbcache*
+keep /lib/modules/*/kernel/fs/squashfs
+keep /lib/modules/*/kernel/fs/jbd*
+keep /lib/modules/*/kernel/fs/btrfs
+keep /lib/modules/*/kernel/fs/cifs*
+keep /lib/modules/*/kernel/fs/fat
+keep /lib/modules/*/kernel/fs/nfs
+keep /lib/modules/*/kernel/fs/nfs_common
+keep /lib/modules/*/kernel/fs/fscache
+keep /lib/modules/*/kernel/fs/lockd
+keep /lib/modules/*/kernel/fs/nls/nls_utf8.ko
+keep /lib/modules/*/kernel/fs/configfs/configfs.ko
+keep /lib/modules/*/kernel/fs/fuse
+keep /lib/modules/*/kernel/fs/isofs
+# autofs4     configfs  exportfs *fat     *jbd    mbcache.ko  nls       xfs
+#*btrfs       cramfs   *ext2     *fscache *jbd2  *nfs         squashfs
+# cachefiles  dlm      *ext3      fuse     jffs2 *nfs_common  ubifs
+# cifs        ecryptfs *ext4      gfs2    *lockd  nfsd        udf
+
+# network
+drop /lib/modules/*/kernel/net
+keep /lib/modules/*/kernel/net/802*
+keep /lib/modules/*/kernel/net/bridge
+keep /lib/modules/*/kernel/net/core
+keep /lib/modules/*/kernel/net/dns_resolver
+keep /lib/modules/*/kernel/net/ipv*
+keep /lib/modules/*/kernel/net/key
+keep /lib/modules/*/kernel/net/llc
+keep /lib/modules/*/kernel/net/netfilter
+keep /lib/modules/*/kernel/net/rds
+keep /lib/modules/*/kernel/net/sctp
+keep /lib/modules/*/kernel/net/sched
+keep /lib/modules/*/kernel/net/sunrpc
+#*802    atm        can   ieee802154 *key      *netfilter  rfkill *sunrpc  xfrm
+#*8021q  bluetooth *core *ipv4       *llc       phonet     sched   wimax
+# 9p    *bridge     dccp *ipv6        mac80211 *rds       *sctp    wireless
+
+drop /lib/modules/*/kernel/sound
+
+# drivers
+drop /lib/modules/*/kernel/drivers
+keep /lib/modules/*/kernel/drivers/ata
+keep /lib/modules/*/kernel/drivers/block
+keep /lib/modules/*/kernel/drivers/cdrom
+keep /lib/modules/*/kernel/drivers/char
+keep /lib/modules/*/kernel/drivers/cpufreq
+keep /lib/modules/*/kernel/drivers/dca
+keep /lib/modules/*/kernel/drivers/dma
+keep /lib/modules/*/kernel/drivers/edac
+keep /lib/modules/*/kernel/drivers/firmware
+keep /lib/modules/*/kernel/drivers/idle
+keep /lib/modules/*/kernel/drivers/infiniband
+keep /lib/modules/*/kernel/drivers/input/misc/uinput.ko
+keep /lib/modules/*/kernel/drivers/md
+keep /lib/modules/*/kernel/drivers/message
+keep /lib/modules/*/kernel/drivers/net
+drop /lib/modules/*/kernel/drivers/net/pcmcia
+drop /lib/modules/*/kernel/drivers/net/wireless
+drop /lib/modules/*/kernel/drivers/net/ppp*
+keep /lib/modules/*/kernel/drivers/pci
+keep /lib/modules/*/kernel/drivers/pps
+keep /lib/modules/*/kernel/drivers/ptp
+keep /lib/modules/*/kernel/drivers/scsi
+keep /lib/modules/*/kernel/drivers/staging/ramzswap
+keep /lib/modules/*/kernel/drivers/uio
+keep /lib/modules/*/kernel/drivers/usb
+drop /lib/modules/*/kernel/drivers/usb/atm
+drop /lib/modules/*/kernel/drivers/usb/class
+drop /lib/modules/*/kernel/drivers/usb/image
+drop /lib/modules/*/kernel/drivers/usb/misc
+drop /lib/modules/*/kernel/drivers/usb/serial
+keep /lib/modules/*/kernel/drivers/usb/storage
+keep /lib/modules/*/kernel/drivers/vhost
+keep /lib/modules/*/kernel/drivers/virtio
+keep /lib/modules/*/kernel/drivers/watchdog
+keep /lib/modules/*/kernel/drivers/i2c
+
+# acpi       *cpufreq   hid         leds      mtd      ?regulator  uwb
+#*ata         crypto   ?hwmon      *md       *net*      rtc       *vhost
+# atm        *dca      ?i2c         media    ?parport  *scsi*      video
+# auxdisplay *dma      *idle        memstick *pci      ?serial    *virtio
+#*block      *edac      ieee802154 *message   pcmcia   ?ssb        watchdog
+# bluetooth   firewire *infiniband ?mfd       platform *staging    xen
+#*cdrom      *firmware  input       misc     ?power    ?uio
+#*char*      ?gpu       isdn        mmc      ?pps      *usb
+
+drop /usr/share/zoneinfo
+keep /usr/share/zoneinfo/UTC
+
+drop /etc/alsa
+drop /usr/share/alsa
+drop /usr/share/awk
+drop /usr/share/vim
+drop /usr/share/anaconda
+drop /usr/share/backgrounds
+drop /usr/share/wallpapers
+drop /usr/share/kde-settings
+drop /usr/share/gnome-background-properties
+drop /usr/share/setuptool
+drop /usr/share/hwdata/MonitorsDB
+drop /usr/share/hwdata/oui.txt
+drop /usr/share/hwdata/videoaliases
+drop /usr/share/hwdata/videodrivers
+drop /usr/share/firstboot
+drop /usr/share/lua
+drop /usr/share/kde4
+drop /usr/share/pixmaps
+drop /usr/share/icons
+drop /usr/share/fedora-release
+drop /usr/share/tabset
+drop /usr/share/augeas/lenses/tests
+drop /usr/share/augeas/lenses/dist/*
+# generic includes
+keep /usr/share/augeas/lenses/dist/build.aug
+keep /usr/share/augeas/lenses/dist/hosts.aug
+keep /usr/share/augeas/lenses/dist/inifile.aug
+keep /usr/share/augeas/lenses/dist/modprobe.aug
+keep /usr/share/augeas/lenses/dist/rx.aug
+keep /usr/share/augeas/lenses/dist/sep.aug
+keep /usr/share/augeas/lenses/dist/shellvars.aug
+keep /usr/share/augeas/lenses/dist/spacevars.aug
+keep /usr/share/augeas/lenses/dist/sysctl.aug
+keep /usr/share/augeas/lenses/dist/util.aug
+keep /usr/share/augeas/lenses/dist/simplevars.aug
+# whitelist only relevant lenses
+keep /usr/share/augeas/lenses/dist/buildd.aug
+keep /usr/share/augeas/lenses/dist/cgconfig.aug
+keep /usr/share/augeas/lenses/dist/cgrules.aug
+keep /usr/share/augeas/lenses/dist/cron.aug
+keep /usr/share/augeas/lenses/dist/dhclient.aug
+keep /usr/share/augeas/lenses/dist/dnsmasq.aug
+keep /usr/share/augeas/lenses/dist/ethers.aug
+keep /usr/share/augeas/lenses/dist/exports.aug
+keep /usr/share/augeas/lenses/dist/fstab.aug
+keep /usr/share/augeas/lenses/dist/group.aug
+keep /usr/share/augeas/lenses/dist/grub.aug
+keep /usr/share/augeas/lenses/dist/inittab.aug
+keep /usr/share/augeas/lenses/dist/iptables.aug
+keep /usr/share/augeas/lenses/dist/json.aug
+keep /usr/share/augeas/lenses/dist/krb5.aug
+keep /usr/share/augeas/lenses/dist/limits.aug
+keep /usr/share/augeas/lenses/dist/logrotate.aug
+keep /usr/share/augeas/lenses/dist/lokkit.aug
+keep /usr/share/augeas/lenses/dist/modules_conf.aug
+keep /usr/share/augeas/lenses/dist/multipath.aug
+keep /usr/share/augeas/lenses/dist/ntp.aug
+keep /usr/share/augeas/lenses/dist/pam.aug
+keep /usr/share/augeas/lenses/dist/passwd.aug
+keep /usr/share/augeas/lenses/dist/quote.aug
+keep /usr/share/augeas/lenses/dist/resolv.aug
+keep /usr/share/augeas/lenses/dist/securetty.aug
+keep /usr/share/augeas/lenses/dist/services.aug
+keep /usr/share/augeas/lenses/dist/shellvars_list.aug
+keep /usr/share/augeas/lenses/dist/sshd.aug
+keep /usr/share/augeas/lenses/dist/sudoers.aug
+keep /usr/share/augeas/lenses/dist/utill.aug
+keep /usr/share/augeas/lenses/dist/yum.aug
+drop /usr/share/tc
+drop /usr/share/emacs
+drop /usr/share/info
+drop /usr/src
+drop /usr/etc
+drop /usr/games
+drop /usr/include
+keep /usr/include/python2.*
+drop /usr/local
+drop /usr/sbin/dell*
+keep /usr/sbin/build-locale-archive
+drop /usr/sbin/glibc_post_upgrade.*
+drop /usr/lib*/tc
+drop /usr/lib*/tls
+drop /usr/lib*/sse2
+drop /usr/lib*/pkgconfig
+drop /usr/lib*/nss
+drop /usr/lib*/games
+drop /usr/lib*/alsa-lib
+drop /usr/lib*/krb5
+drop /usr/lib*/hal
+drop /usr/lib*/gio
+# syslinux
+drop /usr/share/syslinux
+# glibc-common locales
+drop /usr/lib/locale
+keep /usr/lib/locale/locale-archive
+keep /usr/lib/locale/usr/share/locale/en_US
+# pango
+drop /usr/lib*/pango
+drop /usr/lib*/libthai*
+drop /usr/share/libthai
+drop /usr/bin/pango*
+# hal
+drop /usr/bin/hal-disable-polling
+drop /usr/bin/hal-is-caller-locked-out
+drop /usr/bin/hal-is-caller-privileged
+drop /usr/bin/hal-lock
+drop /usr/bin/hal-set-property
+drop /usr/bin/hal-setup-keymap
+# openssh
+drop /usr/bin/sftp
+drop /usr/bin/slogin
+drop /usr/bin/ssh-add
+drop /usr/bin/ssh-agent
+drop /usr/bin/ssh-keyscan
+# docs
+drop /usr/share/omf
+drop /usr/share/gnome
+drop /usr/share/doc
+drop /usr/share/locale/
+keep /usr/share/locale/en_US
+keep /usr/share/locale/zh_CN
+drop /usr/share/man
+drop /usr/share/X11
+drop /usr/share/i18n
+drop /boot/*
+keep /boot/efi
+keep /boot/System.map*
+keep /boot/symvers*
+drop /var/lib/builder
+drop /usr/sbin/*-channel
+
+drop /usr/lib*/libboost*
+keep /usr/lib*/libboost_program_options.so*
+keep /usr/lib*/libboost_filesystem.so*
+keep /usr/lib*/libboost_thread-mt.so*
+keep /usr/lib*/libboost_system.so*
+keep /usr/lib*/libboost_system-mt.so*
+keep /usr/lib*/libboost_chrono-mt.so*
+drop /usr/kerberos
+keep /usr/kerberos/bin/kinit
+keep /usr/kerberos/bin/klist
+drop /lib/firmware
+keep /lib/firmware/3com
+keep /lib/firmware/acenic
+keep /lib/firmware/adaptec
+keep /lib/firmware/advansys
+keep /lib/firmware/bnx2
+keep /lib/firmware/bnx2x
+keep /lib/firmware/bnx2x*
+keep /lib/firmware/cxgb3
+keep /lib/firmware/cxgb4
+keep /lib/firmware/e100
+keep /lib/firmware/myricom
+keep /lib/firmware/ql*
+keep /lib/firmware/sun
+keep /lib/firmware/tehuti
+keep /lib/firmware/tigon
+keep /lib/firmware/cbfw*
+keep /lib/firmware/ctfw*
+keep /lib/firmware/ct2fw*
+keep /lib/firmware/aic94xx-seq.fw
+
+drop /etc/pki/tls
+keep /etc/pki/tls/openssl.cnf
+drop /etc/pki/java
+drop /etc/pki/nssdb
+
+
+#desktop files
+drop /etc/xdg/autostart/restorecond.desktop
+
+#ebtables depends on perl
+drop /sbin/ebtables-save
+drop /sbin/ebtables-restore
+
+# remove bogus kdump script (rpmdiff complains)
+drop /etc/kdump-adv-conf
+
+#remove rpms added by dmraid
+droprpm ConsoleKit
+droprpm checkpolicy
+droprpm dmraid-events
+droprpm gamin
+droprpm gnupg2
+droprpm linux-atm-libs
+droprpm make
+droprpm mtools
+droprpm mysql-libs
+droprpm perl
+droprpm perl-Module-Pluggable
+droprpm perl-Net-Telnet
+droprpm perl-PathTools
+droprpm perl-Pod-Escapes
+droprpm perl-Pod-Simple
+droprpm perl-Scalar-List-Utils
+droprpm perl-hivex
+droprpm perl-macros
+droprpm sgpio
+droprpm syslinux
+droprpm system-config-firewall-base
+droprpm usermode
+
+#NFS Server
+drop /usr/bin/rpcgen
+drop /usr/sbin/rpc.gssd
+drop /usr/sbin/rpc.mountd
+drop /usr/sbin/rpc.nfsd
+drop /usr/sbin/rpc.svcgssd
+drop /usr/sbin/rpcdebug
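Review bot: `drop /etc/pki/tls` keeps only `openssl.cnf`, which also removes `/etc/pki/tls/certs` and `/etc/pki/tls/cert.pem`, the default CA locations that OpenSSL-based clients use to verify TLS peers. Nothing in this hunk shows whether a tool on the node relies on them, but if one does it will either fail or end up being run with verification switched off; consider adding `keep /etc/pki/tls/certs` and `keep /etc/pki/tls/cert.pem`, or a comment stating that no TLS client on the node needs the system trust store. Separately, `keep /usr/share/augeas/lenses/dist/utill.aug` looks like a misspelling of `util.aug`, which the generic-includes list already keeps. The top of the file leaves `#droprpm checkpolicy` and `#droprpm make` commented out as "Needed for selinux-policy generation", yet the "remove rpms added by dmraid" list at the end drops both, so one of the two statements needs correcting.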
diff --git a/common-nochroot.ks b/common-nochroot.ks
new file mode 100644
index 0000000..f9ee49b
--- /dev/null
+++ b/common-nochroot.ks
@@ -0,0 +1,98 @@
+
+%include version.ks
+
+if [ -f "ovirt-authorized_keys" ]; then
+  echo "Adding authorized_keys to Image"
+  mkdir -p $INSTALL_ROOT/root/.ssh
+  cp -v ovirt-authorized_keys $INSTALL_ROOT/root/.ssh/authorized_keys
+  chown -R root:root $INSTALL_ROOT/root/.ssh
+  chmod 755 $INSTALL_ROOT/root/.ssh
+  chmod 644 $INSTALL_ROOT/root/.ssh/authorized_keys
+fi
+
+echo "Fixing boot menu"
+# remove quiet from Node bootparams, added by livecd-creator
+sed -i -e 's/ quiet//' $LIVE_ROOT/isolinux/isolinux.cfg
+
+# Remove Verify and Boot option
+sed -i -e '/label check0/{N;N;N;d;}' $LIVE_ROOT/isolinux/isolinux.cfg
+
+# Rename Boot option to Install or Upgrade
+sed -i 's/^  menu label Boot$/  menu label Install or Upgrade/' $LIVE_ROOT/isolinux/isolinux.cfg
+
+# add serial console boot entry
+menu=$(mktemp)
+awk '
+/^label linux0/ { linux0=1 }
+linux0==1 && $1=="append" {
+  append0=$0
+}
+linux0==1 && $1=="label" && $2!="linux0" {
+  linux0=2
+  print "label install (basic video)"
+  print "  menu label Install (Basic Video)"
+  print "  kernel vmlinuz0"
+  print append0" nomodeset "
+  print "label serial-console"
+  print "  menu label Install or Upgrade with serial console"
+  print "  kernel vmlinuz0"
+  print append0" console=ttyS0,115200n8 "
+  print "label reinstall"
+  print "  menu label Reinstall"
+  print "  kernel vmlinuz0"
+  print append0" reinstall "
+  print "label reinstall (basic video)"
+  print "  menu label Reinstall (Basic Video)"
+  print "  kernel vmlinuz0"
+  print append0" reinstall nomodeset "
+  print "label reinstall-serial"
+  print "  menu label Reinstall with serial console"
+  print "  kernel vmlinuz0"
+  print append0" reinstall console=ttyS0,115200n8 "
+  print "label uninstall"
+  print "  menu label Uninstall"
+  print "  kernel vmlinuz0"
+  print append0" uninstall "
+}
+{ print }
+' $LIVE_ROOT/isolinux/isolinux.cfg > $menu
+# change the title
+sed -i -e '/^menu title/d' $menu
+echo "say This is the $PRODUCT $VERSION ($RELEASE)" > $LIVE_ROOT/isolinux/isolinux.cfg
+echo "menu title ${PRODUCT_SHORT} $VERSION ($RELEASE)" >> $LIVE_ROOT/isolinux/isolinux.cfg
+cat $menu >> $LIVE_ROOT/isolinux/isolinux.cfg
+rm $menu
+# remove extra boot args add by updated livecd-tools
+sed -i -e 's/xdriver=vesa nomodeset//g' $LIVE_ROOT/isolinux/isolinux.cfg
+cp $INSTALL_ROOT/usr/share/ovirt-node/syslinux-vesa-splash.jpg $LIVE_ROOT/isolinux/splash.jpg
+
+# store image version info in the ISO and rootfs
+cat > $LIVE_ROOT/isolinux/version <<EOF
+PRODUCT='$PRODUCT'
+PRODUCT_SHORT='${PRODUCT_SHORT}'
+PRODUCT_CODE=$PRODUCT_CODE
+RECIPE_SHA256=$RECIPE_SHA256
+RECIPE_RPM=$RECIPE_RPM
+PACKAGE=$PACKAGE
+VERSION=$VERSION
+RELEASE=$RELEASE
+EOF
+cp $LIVE_ROOT/isolinux/version $INSTALL_ROOT/etc/default/
+
+# overwrite user visible banners with the image versioning info
+# system-release in rootfs get's updated, but now it's out of sync with initrd
+# The only bit which is missing in the initrd system-release file is VERSION
+# /(which is not shown in ply anyway)
+# The initrd can not be regeneated in a non-chroot env (here)
+cat > $INSTALL_ROOT/etc/$PACKAGE-release <<EOF
+$PRODUCT release $VERSION ($RELEASE)
+EOF
+ln -snf $PACKAGE-release $INSTALL_ROOT/etc/redhat-release
+ln -snf $PACKAGE-release $INSTALL_ROOT/etc/system-release
+cp $INSTALL_ROOT/etc/$PACKAGE-release $INSTALL_ROOT/etc/issue
+echo "Kernel \r on an \m (\l)" >> $INSTALL_ROOT/etc/issue
+cp $INSTALL_ROOT/etc/issue $INSTALL_ROOT/etc/issue.net
+
+NAME=$(grep CDLABEL $LIVE_ROOT/isolinux/isolinux.cfg |head -n1|sed -r 's/^.*CDLABEL\=([a-zA-Z0-9_\.-]+) .*$/\1/g')
+
+%include common-efi.ks
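Review bot: The `ovirt-authorized_keys` block leaves root's SSH directory at `chmod 755` and `authorized_keys` at `chmod 644`, which also appears to undo the `chmod 700 /root/.ssh` that common-post.ks applies in the chroot `%post` that ovirt-node-image.ks lists before this section. I would use `chmod 700 "$INSTALL_ROOT/root/.ssh"` and `chmod 600 "$INSTALL_ROOT/root/.ssh/authorized_keys"`. Because the key is installed whenever a file of that name exists in the build directory, a comment saying so, plus printing the fingerprint into the build log with `ssh-keygen -lf ovirt-authorized_keys`, would make it visible when an image ships with a root key. The `$INSTALL_ROOT`, `$LIVE_ROOT` and `$menu` expansions throughout the file are unquoted and would break on a path containing spaces.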
diff --git a/common-pkgs.ks b/common-pkgs.ks
new file mode 100644
index 0000000..bcbab25
--- /dev/null
+++ b/common-pkgs.ks
@@ -0,0 +1,116 @@
+audit
+dmraid
+bc
+cracklib-python
+ethtool
+kernel
+hwdata
+passwd
+policycoreutils
+rootfiles
+dhclient
+openssh-clients
+openssh-server
+qemu-kvm
+libmlx4
+ovirt-node
+selinux-policy-targeted
+vim-minimal
+sudo
+python
+python-gudev
+python-libs
+python-setuptools
+PyPAM
+db4
+# debugging
+hdparm
+sos
+gdb
+strace
+sysstat
+tcpdump
+pciutils
+usbutils
+lsscsi
+psmisc
+numactl
+file
+lsof
+newt-python
+systemtap-runtime
+qemu-kvm-tools
+setools-console
+# remove
+-audit-libs-python
+-ustr
+-authconfig
+-wireless-tools
+-setserial
+-prelink
+-newt
+-libselinux-python
+-usermode
+-gzip
+-less
+-which
+-parted
+-tar
+-libuser
+-mtools
+-cpio
+/usr/sbin/lokkit
+isomd5sum
+irqbalance
+acpid
+device-mapper-multipath
+kpartx
+dracut-network
+dracut-fips
+patch
+e2fsprogs
+sysfsutils
+less
+# Autotest support rhbz#631795
+dosfstools
+# kdump
+kexec-tools
+
+# dracut dmsquash-live module requires eject
+eject
+
+# for building custom selinux module
+make
+checkpolicy
+#
+policycoreutils-python
+# crypto swap support
+cryptsetup-luks
+# rhbz#641494 RFE - add libguestfs
+libguestfs
+python-libguestfs
+libguestfs-tools-c
+python-hivex
+# sosreport soft-dep
+rpm-python
+# for efi installs
+efibootmgr
+# yum for plugins
+yum
+# Consistent ethernet device naming
+biosdevname
+fcoe-utils
+#glusterfs client packages
+glusterfs
+glusterfs-devel
+glusterfs-fuse
+glusterfs-rdma
+
+NetworkManager-glib
+
+bridge-utils
+squashfs-tools
+mcelog
+
+# for qemu
+libicu
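Review bot: `less` is excluded in the "# remove" group (`-less`) and then listed again as a package further down, so the list contradicts itself and which entry wins depends on how the image tool orders exclusions; one of the two lines should go. `make` and `checkpolicy` are added here "for building custom selinux module" while common-minimizer.ks removes them with `droprpm`, so a comment that they are build-time only would make that intentional. The "# debugging" group (`gdb`, `strace`, `tcpdump`, `systemtap-runtime`) and `glusterfs-devel` stay in the shipped image; if that is deliberate for field support a comment should say so, otherwise they are candidates for removal from a hypervisor image.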
diff --git a/common-post.ks b/common-post.ks
new file mode 100644
index 0000000..78acdbb
--- /dev/null
+++ b/common-post.ks
@@ -0,0 +1,251 @@
+# -*-Shell-script-*-
+echo "Starting Kickstart Post"
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+export PATH
+
+# cleanup rpmdb to allow non-matching host and chroot RPM versions
+echo "Removing yumdb data"
+rm -f /var/lib/rpm/__db*
+
+echo "Creating shadow files"
+# because we aren't installing authconfig, we aren't setting up shadow
+# and gshadow properly.  Do it by hand here
+pwconv
+grpconv
+
+echo "Lock root account"
+passwd -l root
+
+echo "Relabeling files"
+/usr/sbin/fixfiles -R -a restore
+
+echo "Configuring libvirt"
+# make sure we don't autostart virbr0 on libvirtd startup
+rm -f /etc/libvirt/qemu/networks/autostart/default.xml
+
+# rhevh uses libvirtd upstart job, sysv initscript must not interfere
+rm -f /etc/rc.d/init.d/libvirtd
+
+# Remove the default logrotate daily cron job
+# since we run it every 10 minutes instead.
+rm -f /etc/cron.daily/logrotate
+
+# Logrotate more judiciously so the size of syslog stays under control
+sed -i '/^.*sharedscripts/a \    rotate 5\n    size 15M\n    compress' /etc/logrotate.d/syslog
+
+# root's bash profile
+cat >> /root/.bashrc << \EOF_bashrc
+# aliases used for the temporary
+function mod_vi() {
+  /bin/vi $@
+  restorecon -v $@ >/dev/null 2>&1
+}
+
+function mod_yum() {
+  if [ "$1" == "--force" ]; then
+      echo $@ > /dev/null
+      shift
+      /usr/bin/yum $@
+  else
+      printf "\nUsing yum is not supported\n\n"
+  fi
+}
+
+function mod_less() {
+    cat $1 | less
+}
+
+alias ping='ping -c 3'
+alias yum="mod_yum"
+alias less="mod_less"
+export MALLOC_CHECK_=1
+export LVM_SUPPRESS_FD_WARNINGS=0
+EOF_bashrc
+
+# directories required in the image with the correct perms
+# config persistance currently handles only regular files
+mkdir -p /root/.ssh
+chmod 700 /root/.ssh
+mkdir -p /boot
+mkdir -p /boot-kdump
+mkdir -p /config
+mkdir -p /data
+mkdir -p /data2
+mkdir -p /live
+mkdir -p /liveos
+mkdir -p /root/.uml
+mkdir -p /var/cache/multipathd
+touch /var/lib/random-seed
+echo "/dev/HostVG/Config /config ext4 defaults,noauto,noatime 0 0" >> /etc/fstab
+
+# Create wwids file to prevent an error on boot, rhbz #805570
+mkdir -p /etc/multipath
+touch /etc/multipath/wwids
+chmod 0600 /etc/multipath/wwids
+
+# prepare for STATE_MOUNT in rc.sysinit
+augtool << \EOF_readonly-root
+set /files/etc/sysconfig/readonly-root/STATE_LABEL CONFIG
+set /files/etc/sysconfig/readonly-root/STATE_MOUNT /config
+set /files/etc/sysconfig/readonly-root/READONLY yes
+save
+EOF_readonly-root
+
+# comment out /etc/* entries in rwtab to prevent overlapping mounts
+sed -i '/^files	\/etc*/ s/^/#/' /etc/rwtab
+cat > /etc/rwtab.d/ovirt << \EOF_rwtab_ovirt
+files	/etc
+dirs	/var/lib/multipath
+files	/var/lib/net-snmp
+dirs    /var/lib/dnsmasq
+files	/root/.ssh
+dirs	/root/.uml
+files	/var/cache/libvirt
+files	/var/empty/sshd/etc/localtime
+files	/var/lib/libvirt
+files   /var/lib/multipath
+files   /var/lib/glusterd
+files   /var/cache/multipathd
+empty	/mnt
+files	/boot
+empty	/boot-kdump
+empty	/cgroup
+files	/var/lib/yum
+files	/var/cache/yum
+files	/usr/share/snmp/mibs
+files   /var/lib/lldpad
+dirs	/var/cache/rpcbind
+files	/usr/share/snmp/mibs
+files   /var/lib/lldpad
+dirs	/var/cache/rpcbind
+EOF_rwtab_ovirt
+
+# fix iSCSI/LVM startup issue
+sed -i 's/node\.session\.initial_login_retry_max.*/node.session.initial_login_retry_max = 60/' /etc/iscsi/iscsid.conf
+
+#lvm.conf should use /dev/mapper and /dev/sdX devices
+# and not /dev/dm-X devices
+sed -i 's/preferred_names = \[ "^\/dev\/mpath\/", "^\/dev\/mapper\/mpath", "^\/dev\/\[hs\]d" \]/preferred_names = \[ "^\/dev\/mapper", "^\/dev\/\[hsv\]d" \]/g' /etc/lvm/lvm.conf
+
+# unset AUDITD_LANG to prevent boot errors
+sed -i '/^AUDITD_LANG*/ s/^/#/' /etc/sysconfig/auditd
+
+# kdump configuration
+augtool << \EOF_kdump
+set /files/etc/sysconfig/kdump/KDUMP_BOOTDIR /boot-kdump
+set /files/etc/sysconfig/kdump/MKDUMPRD_ARGS --allow-missing
+save
+EOF_kdump
+
+# add admin user for configuration ui
+useradd admin
+usermod -G wheel admin
+usermod -s /usr/libexec/ovirt-admin-shell admin
+echo "%wheel	ALL=(ALL)	NOPASSWD: ALL" >> /etc/sudoers
+
+# load modules required by crypto swap
+cat > /etc/sysconfig/modules/swap-crypt.modules << \EOF_swap-crypt
+#!/bin/sh
+
+modprobe aes >/dev/null 2>&1
+modprobe dm_mod >/dev/null 2>&1
+modprobe dm_crypt >/dev/null 2>&1
+modprobe cryptoloop >/dev/null 2>&1
+modprobe cbc >/dev/null 2>&1
+modprobe sha256 >/dev/null 2>&1
+
+EOF_swap-crypt
+chmod +x /etc/sysconfig/modules/swap-crypt.modules
+
+#strip out all unncesssary locales
+localedef --list-archive | grep -v -i -E 'en_US.utf8' |xargs localedef --delete-from-archive
+mv /usr/lib/locale/locale-archive /usr/lib/locale/locale-archive.tmpl
+/usr/sbin/build-locale-archive
+
+# use static RPC ports, to avoid collisions
+augtool << \EOF_nfs
+set /files/etc/sysconfig/nfs/RQUOTAD_PORT 875
+set /files/etc/sysconfig/nfs/LOCKD_TCPPORT 32803
+set /files/etc/sysconfig/nfs/LOCKD_UDPPORT 32769
+set /files/etc/sysconfig/nfs/MOUNTD_PORT 892
+set /files/etc/sysconfig/nfs/STATD_PORT 662
+set /files/etc/sysconfig/nfs/STATD_OUTGOING_PORT 2020
+save
+EOF_nfs
+
+# sosreport fixups for node image:
+# use .pyc for plugins enumeration, .py is blacklisted
+# include *-release
+patch --fuzz 3 -d /usr/lib/python2.*/site-packages/sos -p0 << \EOF_sos_patch
+--- sosreport.py.orig	2011-04-07 11:51:40.000000000 +0000
++++ sosreport.py	2011-07-06 13:26:44.000000000 +0000
+@@ -428,8 +428,8 @@
+ 
+     # validate and load plugins
+     for plug in plugins:
+-        plugbase =  plug[:-3]
+-        if not plug[-3:] == '.py' or plugbase == "__init__":
++        plugbase =  plug[:-4]
++        if not plug[-4:] == '.pyc' or plugbase == "__init__":
+             continue
+         try:
+             if GlobalVars.policy.validatePlugin(pluginpath + plug):
+--- plugins/general.py.orig     2011-02-09 15:25:48.000000000 +0000
++++ plugins/general.py  2011-07-06 23:13:32.000000000 +0000
+@@ -25,8 +25,7 @@
+                   ("all_logs", "collect all log files defined in syslog.conf", "", False)]
+ 
+     def setup(self):
+-        self.addCopySpec("/etc/redhat-release")
+-        self.addCopySpec("/etc/fedora-release")
++        self.addCopySpec("/etc/*-release")
+         self.addCopySpec("/etc/inittab")
+         self.addCopySpec("/etc/sos.conf")
+         self.addCopySpec("/etc/sysconfig")
+EOF_sos_patch
+python -m compileall /usr/lib/python2.*/site-packages/sos
+
+# XXX someting is wrong with readonly-root and dracut
+# see modules.d/95rootfs-block/mount-root.sh
+sed -i "s/defaults,noatime/defaults,ro,noatime/g" /etc/fstab
+
+echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
+
+#mount kernel debugfs
+echo "debugfs /sys/kernel/debug debugfs auto 0 0" >> /etc/fstab
+
+#symlink ovirt-node-setup into $PATH
+ln -s /usr/bin/ovirt-node-setup /usr/sbin/setup
+
+
+#set NETWORKING off by default
+augtool << \EOF_NETWORKING
+set /files/etc/sysconfig/network/NETWORKING no
+save
+EOF_NETWORKING
+
+# disable SSH password auth by default
+# set ssh timeouts for increased security
+augtool << \EOF_sshd_config
+set /files/etc/ssh/sshd_config/PasswordAuthentication no
+set /files/etc/ssh/sshd_config/ClientAliveInterval 900
+set /files/etc/ssh/sshd_config/ClientAliveCountMax 0
+save
+EOF_sshd_config
+
+# disable yum repos by default
+rm -f /tmp/yum.aug
+for i in $(augtool match /files/etc/yum.repos.d/*/*/enabled 1); do
+    echo "set $i 0" >> /tmp/yum.aug
+done
+if [ -f /tmp/yum.aug ]; then
+    echo "save" >> /tmp/yum.aug
+    augtool < /tmp/yum.aug
+    rm -f /tmp/yum.aug
+fi
+
+# cleanup yum directories
+rm -rf /var/lib/yum/*
+
+# enable strong random number generation
+sed -i '/SSH_USE_STRONG_RNG/d' /etc/sysconfig/sshd
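Review bot: `echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config` turns off host-key verification for every outbound SSH connection from the node, so a spoofed or intercepted peer is accepted silently. I would drop the line, or limit it to a `Host` block for the specific peers that need it and ship their keys in `/etc/ssh/ssh_known_hosts`. The `%wheel ALL=(ALL) NOPASSWD: ALL` line is appended to `/etc/sudoers` with no syntax check; writing it to a file under `/etc/sudoers.d/` with mode 0440 and validating it with `visudo -cf` is safer, and a comment should state why the `admin` user needs passwordless root. The final comment says "enable strong random number generation", but the `sed` deletes the `SSH_USE_STRONG_RNG` line from `/etc/sysconfig/sshd`, which looks like it reverts to the default rather than enabling anything, so the comment should say what is intended. The yum-repo loop uses the fixed name `/tmp/yum.aug`, where `mktemp` would be the usual choice.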
diff --git a/custom-template.ks b/custom-template.ks
new file mode 100644
index 0000000..08af489
--- /dev/null
+++ b/custom-template.ks
@@ -0,0 +1,31 @@
+# oVirt Node image recipe
+# This an example TEMPLATE for customizations.
+
+%include common-install.ks
+# add custom installation directives here
+
+%include repos.ks
+# add custom repos here
+
+%packages --excludedocs --nobase
+%include common-pkgs.ks
+# add custom package list here
+
+%end
+
+%post
+%include common-post.ks
+# add custom post-scripts here
+
+%end
+
+%include common-blacklist.ks
+
+%post --nochroot
+%include common-post-nochroot.ks
+# add custom post-scripts running outside image chroot here
+
+%end
+
+%include common-manifest-post.ks
+
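Review bot: The template includes `common-blacklist.ks`, `common-post-nochroot.ks` and `common-manifest-post.ks`, none of which is among the files this change adds; the files added here for those roles are `image-minimizer.ks`, `common-nochroot.ks` and `common-manifest.ks`, as used by ovirt-node-image.ks. Unless the older names exist elsewhere in the tree, a recipe copied from this template will stop at the first missing include. I would update the three `%include` lines to the names ovirt-node-image.ks uses. The header comment should read `# This is an example TEMPLATE for customizations.`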
diff --git a/fedora-pkgs.ks b/fedora-pkgs.ks
new file mode 100644
index 0000000..6ffd7cb
--- /dev/null
+++ b/fedora-pkgs.ks
@@ -0,0 +1,34 @@
+# remove
+-fedora-release
+-fedora-release-notes
+-fedora-logos
+generic-logos
+# Fedora only packages
+collectd-virt
+#
+anyterm
+glusterfs-client
+
+## @TODO: added by archipel to report in rhev.pkgs
+# host statistics rhbz#588852
+vhostmd
+
+# keyboard layout
+system-config-keyboard-base
+# plymouth stuff
+plymouth
+plymouth-system-theme
+plymouth-plugin-label
+plymouth-graphics-libs
+plymouth-scripts
+plymouth-plugin-two-step
+plymouth-theme-charge
+
+# f18 doesn't pull in rsyslog
+rsyslog
+
+ovirt-node-selinux
+kbd-misc
+
+#async reboot
+python-daemon
diff --git a/image-minimizer.ks b/image-minimizer.ks
new file mode 100644
index 0000000..13be1ca
--- /dev/null
+++ b/image-minimizer.ks
@@ -0,0 +1,11 @@
+%post --nochroot --interpreter image-minimizer
+%include common-minimizer.ks
+%include ovirt20-minimizer.ks
+%end
+
+%post
+echo "Removing python source files"
+find /usr -name '*.py' -exec rm -f {} \;
+find /usr -name '*.pyo' -exec rm -f {} \;
+
+%end
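Review bot: The two `find /usr -name ... -exec rm -f {} \;` lines walk `/usr` twice and start one `rm` per file, and without `-type f` they also try to remove directories whose name ends in `.py`. A single pass would do: `find /usr -type f \( -name '*.py' -o -name '*.pyo' \) -delete`. The echo says "python source files" although `.pyo` files are optimized bytecode, and the first `%post` hard-codes `ovirt20-minimizer.ks`, so a comment noting that this file is specific to the ovirt20 recipe would help.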
diff --git a/jenkins.sh b/jenkins.sh
index 83e73ac..fcdce37 100755
--- a/jenkins.sh
+++ b/jenkins.sh
@@ -195,6 +195,7 @@
         "$WORKSPACE"/manifest*
         "$WORKSPACE"/ovirt-node-iso.mini-manifest.txt
         "$WORKSPACE"/*log
+        "$WORKSPACE"/rpmbuild/RPMS/noarch/ovirt-node-tools*.rpm
     )
     mv "${to_archive[@]}" "$dst_dir"
 }
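Review bot: The new `"$WORKSPACE"/rpmbuild/RPMS/noarch/ovirt-node-tools*.rpm` entry is a glob inside the `to_archive` array, so if no such RPM was built the pattern stays literal (unless `nullglob` is set outside this hunk) and `mv "${to_archive[@]}" "$dst_dir"` fails on it. The function starts outside the hunk, so whether that case is handled is not visible here; if it is not, test for the file before adding it or wrap the array in `shopt -s nullglob`. Since child jobs will install this RPM to run edit-node, archiving a `sha256sum` of it alongside would let them verify they received the artifact this build produced.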
diff --git a/ovirt-node-image.ks b/ovirt-node-image.ks
new file mode 100644
index 0000000..9c78cfa
--- /dev/null
+++ b/ovirt-node-image.ks
@@ -0,0 +1,27 @@
+# ovirt20 Node image recipe
+
+%include common-install.ks
+%include ovirt20-install.ks
+
+%include repos.ks
+
+%packages --excludedocs --nobase
+%include common-pkgs.ks
+%include ovirt20-pkgs.ks
+
+%end
+
+%post
+%include common-post.ks
+%include ovirt20-post.ks
+%end
+
+%post --nochroot
+%include common-nochroot.ks
+
+%end
+
+%include image-minimizer.ks
+
+%include common-manifest.ks
+
diff --git a/ovirt-node-iso.ks b/ovirt-node-iso.ks
new file mode 100644
index 0000000..fd65ce6
--- /dev/null
+++ b/ovirt-node-iso.ks
@@ -0,0 +1,1203 @@
+#version=DEVEL
+repo --name="fedora" --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=x86_64
+repo --name="fedora-updates" --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-relesed-f$releasever-$releasever&arch=x86_64
+repo --name="node-stable-repo" --baseurl=http://ovirt.org/releases//node-base/stable/rpm/Fedora/20
+# Keyboard layouts
+keyboard 'us'
+
+# System timezone
+timezone UTC --isUtc
+# System language
+lang en_US.utf8
+# Firewall configuration
+firewall --disabled
+device virtio_blk
+device virtio_pci
+device scsi_wait_scan
+device dm-multipath
+device dm-round-robin
+device dm-emc
+device dm-rdac
+device dm-hp-sw
+device scsi_dh_rdac
+device 3w-9xxx
+device 3w-sas
+device 3w-xxxx
+device a100u2w
+device aacraid
+device xhci-hcd
+device aic79xx
+device aic94xx
+device arcmsr
+device atp870u
+device be2iscsi
+device bfa
+device BusLogic
+device cciss
+device cxgb3i
+device dc395x
+device fnic
+device gdth
+device hpsa
+device hptiop
+device imm
+device initio
+device ips
+device isci
+device libosd
+device libsas
+device libsrp
+device lpfc
+device megaraid
+device megaraid_mbox
+device megaraid_mm
+device megaraid_sas
+device mpt2sas
+device mvsas
+device osd
+device osst
+device pm8001
+device pmcraid
+device qla1280
+device qla2xxx
+device qla4xxx
+device qlogicfas408
+device stex
+device tmscsim
+device ums-sddr09
+device ums-realtek
+device ums-sddr55
+device ums-isd200
+device ums-alauda
+device ums-freecom
+device ums-cypress
+device ums-jumpshot
+device ums-onetouch
+device ums-karma
+device ums-usbat
+device ums-datafab
+device ums-eneub6250
+# System authorization information
+auth --useshadow --enablemd5
+# SELinux configuration
+selinux --enforcing
+
+# System services
+services --disabled="kdump" --enabled="auditd,ntpd,ntpdate,iptables,network,rsyslog,multipathd,snmpd,ovirt-early,ovirt,ovirt-post,ovirt-kdump,anyterm,collectd,libvirtd,cgconfig,mcelog,tuned"
+# System bootloader configuration
+bootloader --append="rd.live.check rd.lvm=0 rd_NO_MULTIPATH rootflags=ro crashkernel=128M elevator=deadline install quiet max_loop=256" --location=mbr --timeout=30
+# Disk partitioning information
+part / --fstype="ext2" --size=1536
+
+%post
+echo "Starting Kickstart Post"
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+export PATH
+
+# cleanup rpmdb to allow non-matching host and chroot RPM versions
+echo "Removing yumdb data"
+rm -f /var/lib/rpm/__db*
+
+echo "Creating shadow files"
+# because we aren't installing authconfig, we aren't setting up shadow
+# and gshadow properly.  Do it by hand here
+pwconv
+grpconv
+
+echo "Lock root account"
+passwd -l root
+
+echo "Relabeling files"
+/usr/sbin/fixfiles -R -a restore
+
+echo "Configuring libvirt"
+# make sure we don't autostart virbr0 on libvirtd startup
+rm -f /etc/libvirt/qemu/networks/autostart/default.xml
+
+# rhevh uses libvirtd upstart job, sysv initscript must not interfere
+rm -f /etc/rc.d/init.d/libvirtd
+
+# Remove the default logrotate daily cron job
+# since we run it every 10 minutes instead.
+rm -f /etc/cron.daily/logrotate
+
+# Logrotate more judiciously so the size of syslog stays under control
+sed -i '/^.*sharedscripts/a \    rotate 5\n    size 15M\n    compress' /etc/logrotate.d/syslog
+
+# root's bash profile
+cat >> /root/.bashrc << \EOF_bashrc
+# aliases used for the temporary
+function mod_vi() {
+  /bin/vi $@
+  restorecon -v $@ >/dev/null 2>&1
+}
+
+function mod_yum() {
+  if [ "$1" == "--force" ]; then
+      echo $@ > /dev/null
+      shift
+      /usr/bin/yum $@
+  else
+      printf "\nUsing yum is not supported\n\n"
+  fi
+}
+
+function mod_less() {
+    cat $1 | less
+}
+
+alias ping='ping -c 3'
+alias yum="mod_yum"
+alias less="mod_less"
+export MALLOC_CHECK_=1
+export LVM_SUPPRESS_FD_WARNINGS=0
+EOF_bashrc
+
+# directories required in the image with the correct perms
+# config persistance currently handles only regular files
+mkdir -p /root/.ssh
+chmod 700 /root/.ssh
+mkdir -p /boot
+mkdir -p /boot-kdump
+mkdir -p /config
+mkdir -p /data
+mkdir -p /data2
+mkdir -p /live
+mkdir -p /liveos
+mkdir -p /root/.uml
+mkdir -p /var/cache/multipathd
+touch /var/lib/random-seed
+echo "/dev/HostVG/Config /config ext4 defaults,noauto,noatime 0 0" >> /etc/fstab
+
+# Create wwids file to prevent an error on boot, rhbz #805570
+mkdir -p /etc/multipath
+touch /etc/multipath/wwids
+chmod 0600 /etc/multipath/wwids
+
+# prepare for STATE_MOUNT in rc.sysinit
+augtool << \EOF_readonly-root
+set /files/etc/sysconfig/readonly-root/STATE_LABEL CONFIG
+set /files/etc/sysconfig/readonly-root/STATE_MOUNT /config
+set /files/etc/sysconfig/readonly-root/READONLY yes
+save
+EOF_readonly-root
+
+# comment out /etc/* entries in rwtab to prevent overlapping mounts
+sed -i '/^files	\/etc*/ s/^/#/' /etc/rwtab
+cat > /etc/rwtab.d/ovirt << \EOF_rwtab_ovirt
+files	/etc
+dirs	/var/lib/multipath
+files	/var/lib/net-snmp
+dirs    /var/lib/dnsmasq
+files	/root/.ssh
+dirs	/root/.uml
+files	/var/cache/libvirt
+files	/var/empty/sshd/etc/localtime
+files	/var/lib/libvirt
+files   /var/lib/multipath
+files   /var/lib/glusterd
+files   /var/cache/multipathd
+empty	/mnt
+files	/boot
+empty	/boot-kdump
+empty	/cgroup
+files	/var/lib/yum
+files	/var/cache/yum
+files	/usr/share/snmp/mibs
+files   /var/lib/lldpad
+dirs	/var/cache/rpcbind
+files	/usr/share/snmp/mibs
+files   /var/lib/lldpad
+dirs	/var/cache/rpcbind
+EOF_rwtab_ovirt
+
+# fix iSCSI/LVM startup issue
+sed -i 's/node\.session\.initial_login_retry_max.*/node.session.initial_login_retry_max = 60/' /etc/iscsi/iscsid.conf
+
+#lvm.conf should use /dev/mapper and /dev/sdX devices
+# and not /dev/dm-X devices
+sed -i 's/preferred_names = \[ "^\/dev\/mpath\/", "^\/dev\/mapper\/mpath", "^\/dev\/\[hs\]d" \]/preferred_names = \[ "^\/dev\/mapper", "^\/dev\/\[hsv\]d" \]/g' /etc/lvm/lvm.conf
+
+# unset AUDITD_LANG to prevent boot errors
+sed -i '/^AUDITD_LANG*/ s/^/#/' /etc/sysconfig/auditd
+
+# kdump configuration
+augtool << \EOF_kdump
+set /files/etc/sysconfig/kdump/KDUMP_BOOTDIR /boot-kdump
+set /files/etc/sysconfig/kdump/MKDUMPRD_ARGS --allow-missing
+save
+EOF_kdump
+
+# add admin user for configuration ui
+useradd admin
+usermod -G wheel admin
+usermod -s /usr/libexec/ovirt-admin-shell admin
+echo "%wheel	ALL=(ALL)	NOPASSWD: ALL" >> /etc/sudoers
+
+# load modules required by crypto swap
+cat > /etc/sysconfig/modules/swap-crypt.modules << \EOF_swap-crypt
+#!/bin/sh
+
+modprobe aes >/dev/null 2>&1
+modprobe dm_mod >/dev/null 2>&1
+modprobe dm_crypt >/dev/null 2>&1
+modprobe cryptoloop >/dev/null 2>&1
+modprobe cbc >/dev/null 2>&1
+modprobe sha256 >/dev/null 2>&1
+
+EOF_swap-crypt
+chmod +x /etc/sysconfig/modules/swap-crypt.modules
+
+#strip out all unncesssary locales
+localedef --list-archive | grep -v -i -E 'en_US.utf8' |xargs localedef --delete-from-archive
+mv /usr/lib/locale/locale-archive /usr/lib/locale/locale-archive.tmpl
+/usr/sbin/build-locale-archive
+
+# use static RPC ports, to avoid collisions
+augtool << \EOF_nfs
+set /files/etc/sysconfig/nfs/RQUOTAD_PORT 875
+set /files/etc/sysconfig/nfs/LOCKD_TCPPORT 32803
+set /files/etc/sysconfig/nfs/LOCKD_UDPPORT 32769
+set /files/etc/sysconfig/nfs/MOUNTD_PORT 892
+set /files/etc/sysconfig/nfs/STATD_PORT 662
+set /files/etc/sysconfig/nfs/STATD_OUTGOING_PORT 2020
+save
+EOF_nfs
+
+# sosreport fixups for node image:
+# use .pyc for plugins enumeration, .py is blacklisted
+# include *-release
+patch --fuzz 3 -d /usr/lib/python2.*/site-packages/sos -p0 << \EOF_sos_patch
+--- sosreport.py.orig	2011-04-07 11:51:40.000000000 +0000
++++ sosreport.py	2011-07-06 13:26:44.000000000 +0000
+@@ -428,8 +428,8 @@
+ 
+     # validate and load plugins
+     for plug in plugins:
+-        plugbase =  plug[:-3]
+-        if not plug[-3:] == '.py' or plugbase == "__init__":
++        plugbase =  plug[:-4]
++        if not plug[-4:] == '.pyc' or plugbase == "__init__":
+             continue
+         try:
+             if GlobalVars.policy.validatePlugin(pluginpath + plug):
+--- plugins/general.py.orig     2011-02-09 15:25:48.000000000 +0000
++++ plugins/general.py  2011-07-06 23:13:32.000000000 +0000
+@@ -25,8 +25,7 @@
+                   ("all_logs", "collect all log files defined in syslog.conf", "", False)]
+ 
+     def setup(self):
+-        self.addCopySpec("/etc/redhat-release")
+-        self.addCopySpec("/etc/fedora-release")
++        self.addCopySpec("/etc/*-release")
+         self.addCopySpec("/etc/inittab")
+         self.addCopySpec("/etc/sos.conf")
+         self.addCopySpec("/etc/sysconfig")
+EOF_sos_patch
+python -m compileall /usr/lib/python2.*/site-packages/sos
+
+# XXX someting is wrong with readonly-root and dracut
+# see modules.d/95rootfs-block/mount-root.sh
+sed -i "s/defaults,noatime/defaults,ro,noatime/g" /etc/fstab
+
+echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
+
+#mount kernel debugfs
+echo "debugfs /sys/kernel/debug debugfs auto 0 0" >> /etc/fstab
+
+#symlink ovirt-node-setup into $PATH
+ln -s /usr/bin/ovirt-node-setup /usr/sbin/setup
+
+
+#set NETWORKING off by default
+augtool << \EOF_NETWORKING
+set /files/etc/sysconfig/network/NETWORKING no
+save
+EOF_NETWORKING
+
+# disable SSH password auth by default
+# set ssh timeouts for increased security
+augtool << \EOF_sshd_config
+set /files/etc/ssh/sshd_config/PasswordAuthentication no
+set /files/etc/ssh/sshd_config/ClientAliveInterval 900
+set /files/etc/ssh/sshd_config/ClientAliveCountMax 0
+save
+EOF_sshd_config
+
+# disable yum repos by default
+rm -f /tmp/yum.aug
+for i in $(augtool match /files/etc/yum.repos.d/*/*/enabled 1); do
+    echo "set $i 0" >> /tmp/yum.aug
+done
+if [ -f /tmp/yum.aug ]; then
+    echo "save" >> /tmp/yum.aug
+    augtool < /tmp/yum.aug
+    rm -f /tmp/yum.aug
+fi
+
+# cleanup yum directories
+rm -rf /var/lib/yum/*
+
+# enable strong random number generation
+sed -i '/SSH_USE_STRONG_RNG/d' /etc/sysconfig/sshd
+    touch /etc/resolv.conf
+
+    # set up qemu daemon to allow outside VNC connections
+    sed -i -e 's/^[[:space:]]*#[[:space:]]*\(vnc_listen = "0.0.0.0"\).*/\1/' \
+       /etc/libvirt/qemu.conf
+
+    # disable mdns/avahi
+    sed -i -e 's/^[[:space:]]*#[[:space:]]*\(mdns_adv = 0\).*/\1/' \
+       /etc/libvirt/qemu.conf
+
+#ovirt_setup_anyterm()
+   # configure anyterm
+   cat >> /etc/sysconfig/anyterm << \EOF_anyterm
+ANYTERM_CMD="sudo /usr/bin/virsh console %p"
+ANYTERM_LOCAL_ONLY=false
+EOF_anyterm
+
+   # permit it to run the virsh console
+   echo "anyterm ALL=NOPASSWD: /usr/bin/virsh console *" >> /etc/sudoers
+
+# systemd configuration
+# set default runlevel to multi-user(3)
+
+rm -rf /etc/systemd/system/default.target
+ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+systemctl enable ovirt-firstboot.service >/dev/null 2>&1
+
+echo "Configuring IPTables"
+# here, we need to punch the appropriate holes in the firewall
+# disabled until ovirt-engine supports firewalld
+
+#cat > /usr/lib/firewalld/services/ovirt.xml << \EOF
+#<?xml version="1.0" encoding="utf-8"?>
+#<service>
+#  <short>ovirt-node</short>
+#  <description>This service opens necessary ports for ovirt-node operations</description>
+#  <!-- libvirt tls -->
+#  <port protocol="tcp" port="16514"/>
+#  <!-- guest consoles -->
+#  <port protocol="tcp" port="5634-6166"/>
+#  <!-- migration -->
+#  <port protocol="tcp" port="49152-49216"/>
+#  <!-- snmp -->
+#  <port protocol="udp" port="161"/>
+#</service>
+#EOF
+
+# enable required services
+#firewall-offline-cmd -s ssh
+#firewall-offline-cmd -s ovirt
+#firewall-offline-cmd -s dhcpv6-client
+
+cat > /etc/sysconfig/iptables << \EOF
+# oVirt automatically generated firewall configuration
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+#vdsm
+-A INPUT -p tcp --dport 54321 -j ACCEPT
+# libvirt tls
+-A INPUT -p tcp --dport 16514 -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+# guest consoles
+-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
+# migration
+-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
+# snmp
+-A INPUT -p udp --dport 161 -j ACCEPT
+#
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
+COMMIT
+EOF
+# configure IPv6 firewall, default is all ACCEPT
+cat > /etc/sysconfig/ip6tables << \EOF
+# oVirt automatically generated firewall configuration
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p ipv6-icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+# guest consoles
+-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
+# migration
+-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
+# snmp
+-A INPUT -p udp --dport 161 -j ACCEPT
+# unblock ipv6 dhcp response
+-A INPUT -p udp --dport 546 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
+-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp6-adm-prohibited
+COMMIT
+EOF
+echo "-w /etc/shadow -p wa" >> /etc/audit/audit.rules
+
+# Workaround for packages needing /etc/ovirt-node-image-release
+ln -s /etc/system-release /etc/ovirt-node-image-release
+%end
+
+%post --nochroot
+PRODUCT='oVirt Node Hypervisor'
+PRODUCT_SHORT='oVirt Node Hypervisor'
+PACKAGE=ovirt-node-iso
+VERSION=3.1.0
+RELEASE=0.999.201403111051.fc20
+if [ -f "ovirt-authorized_keys" ]; then
+  echo "Adding authorized_keys to Image"
+  mkdir -p $INSTALL_ROOT/root/.ssh
+  cp -v ovirt-authorized_keys $INSTALL_ROOT/root/.ssh/authorized_keys
+  chown -R root:root $INSTALL_ROOT/root/.ssh
+  chmod 755 $INSTALL_ROOT/root/.ssh
+  chmod 644 $INSTALL_ROOT/root/.ssh/authorized_keys
+fi
+
+echo "Fixing boot menu"
+# remove quiet from Node bootparams, added by livecd-creator
+sed -i -e 's/ quiet//' $LIVE_ROOT/isolinux/isolinux.cfg
+
+# Remove Verify and Boot option
+sed -i -e '/label check0/{N;N;N;d;}' $LIVE_ROOT/isolinux/isolinux.cfg
+
+# Rename Boot option to Install or Upgrade
+sed -i 's/^  menu label Boot$/  menu label Install or Upgrade/' $LIVE_ROOT/isolinux/isolinux.cfg
+
+# add serial console boot entry
+menu=$(mktemp)
+awk '
+/^label linux0/ { linux0=1 }
+linux0==1 && $1=="append" {
+  append0=$0
+}
+linux0==1 && $1=="label" && $2!="linux0" {
+  linux0=2
+  print "label install (basic video)"
+  print "  menu label Install (Basic Video)"
+  print "  kernel vmlinuz0"
+  print append0" nomodeset "
+  print "label serial-console"
+  print "  menu label Install or Upgrade with serial console"
+  print "  kernel vmlinuz0"
+  print append0" console=ttyS0,115200n8 "
+  print "label reinstall"
+  print "  menu label Reinstall"
+  print "  kernel vmlinuz0"
+  print append0" reinstall "
+  print "label reinstall (basic video)"
+  print "  menu label Reinstall (Basic Video)"
+  print "  kernel vmlinuz0"
+  print append0" reinstall nomodeset "
+  print "label reinstall-serial"
+  print "  menu label Reinstall with serial console"
+  print "  kernel vmlinuz0"
+  print append0" reinstall console=ttyS0,115200n8 "
+  print "label uninstall"
+  print "  menu label Uninstall"
+  print "  kernel vmlinuz0"
+  print append0" uninstall "
+}
+{ print }
+' $LIVE_ROOT/isolinux/isolinux.cfg > $menu
+# change the title
+sed -i -e '/^menu title/d' $menu
+echo "say This is the $PRODUCT $VERSION ($RELEASE)" > $LIVE_ROOT/isolinux/isolinux.cfg
+echo "menu title ${PRODUCT_SHORT} $VERSION ($RELEASE)" >> $LIVE_ROOT/isolinux/isolinux.cfg
+cat $menu >> $LIVE_ROOT/isolinux/isolinux.cfg
+rm $menu
+# remove extra boot args add by updated livecd-tools
+sed -i -e 's/xdriver=vesa nomodeset//g' $LIVE_ROOT/isolinux/isolinux.cfg
+cp $INSTALL_ROOT/usr/share/ovirt-node/syslinux-vesa-splash.jpg $LIVE_ROOT/isolinux/splash.jpg
+
+# store image version info in the ISO and rootfs
+cat > $LIVE_ROOT/isolinux/version <<EOF
+PRODUCT='$PRODUCT'
+PRODUCT_SHORT='${PRODUCT_SHORT}'
+PRODUCT_CODE=$PRODUCT_CODE
+RECIPE_SHA256=$RECIPE_SHA256
+RECIPE_RPM=$RECIPE_RPM
+PACKAGE=$PACKAGE
+VERSION=$VERSION
+RELEASE=$RELEASE
+EOF
+cp $LIVE_ROOT/isolinux/version $INSTALL_ROOT/etc/default/
+
+# overwrite user visible banners with the image versioning info
+# system-release in rootfs get's updated, but now it's out of sync with initrd
+# The only bit which is missing in the initrd system-release file is VERSION
+# /(which is not shown in ply anyway)
+# The initrd can not be regeneated in a non-chroot env (here)
+cat > $INSTALL_ROOT/etc/$PACKAGE-release <<EOF
+$PRODUCT release $VERSION ($RELEASE)
+EOF
+ln -snf $PACKAGE-release $INSTALL_ROOT/etc/redhat-release
+ln -snf $PACKAGE-release $INSTALL_ROOT/etc/system-release
+cp $INSTALL_ROOT/etc/$PACKAGE-release $INSTALL_ROOT/etc/issue
+echo "Kernel \r on an \m (\l)" >> $INSTALL_ROOT/etc/issue
+cp $INSTALL_ROOT/etc/issue $INSTALL_ROOT/etc/issue.net
+
+NAME=$(grep CDLABEL $LIVE_ROOT/isolinux/isolinux.cfg |head -n1|sed -r 's/^.*CDLABEL\=([a-zA-Z0-9_\.-]+) .*$/\1/g')
+
+if [ ! -e $INSTALL_ROOT/sbin/grub2-install ]; then
+    cat > $LIVE_ROOT/EFI/BOOT/BOOTX64.conf <<EOF
+default=0
+splashimage=/EFI/BOOT/splash.xpm.gz
+timeout 30
+hiddenmenu
+title Install / Upgrade ${PRODUCT_SHORT}-$VERSION-$RELEASE
+  kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0
+  initrd /isolinux/initrd0.img
+title Install / Upgrade (Basic Video) ${PRODUCT_SHORT}-$VERSION-$RELEASE
+  kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0 nomodeset
+  initrd /isolinux/initrd0.img
+title Install / Upgrade with serial console ${PRODUCT_SHORT}-$VERSION-$RELEASE
+  kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  console=ttyS0,115200n8
+  initrd /isolinux/initrd0.img
+title Reinstall ${PRODUCT_SHORT}-$VERSION-$RELEASE
+  kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  reinstall
+  initrd /isolinux/initrd0.img
+title Reinstall (Basic Video) ${PRODUCT_SHORT}-$VERSION-$RELEASE
+  kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  reinstall nomodeset
+  initrd /isolinux/initrd0.img
+title Reinstall with serial console ${PRODUCT_SHORT}-$VERSION-$RELEASE
+  kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  reinstall console=ttyS0,115200n8
+  initrd /isolinux/initrd0.img
+title Uninstall
+  kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  uninstall
+  initrd /isolinux/initrd0.img
+EOF
+else
+    cat > $LIVE_ROOT/EFI/BOOT/BOOTX64.conf <<EOF
+set default="0"
+
+function load_video {
+  insmod efi_gop
+  insmod efi_uga
+  insmod video_bochs
+  insmod video_cirrus
+  insmod all_video
+}
+
+load_video
+set gfxpayload=keep
+insmod gzio
+insmod part_gpt
+insmod ext2
+
+set timeout=30
+
+menuentry 'Install or Upgrade ${PRODUCT_SHORT}-$VERSION-$RELEASE' --class fedora --class gnu-linux --class gnu --class os {
+        linuxefi /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0
+        initrdefi /isolinux/initrd0.img
+}
+menuentry 'Install or Upgrade (Basic Video) ${PRODUCT_SHORT}-$VERSION-$RELEASE' --class fedora --class gnu-linux --class gnu --class os {
+        linuxefi /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0 nomodeset
+        initrdefi /isolinux/initrd0.img
+}
+menuentry 'Install or Upgrade with serial console ${PRODUCT_SHORT}-$VERSION-$RELEASE' --class fedora --class gnu-linux --class gnu --class os {
+        linuxefi /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  console=ttyS0,115200n8
+        initrdefi /isolinux/initrd0.img
+}
+menuentry 'Reinstall ${PRODUCT_SHORT}-$VERSION-$RELEASE' --class fedora --class gnu-linux --class gnu --class os {
+        linuxefi /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  reinstall
+        initrdefi /isolinux/initrd0.img
+}
+menuentry 'Reinstall (Basic Video) ${PRODUCT_SHORT}-$VERSION-$RELEASE' --class fedora --class gnu-linux --class gnu --class os {
+        linuxefi /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  reinstall nomodeset
+        initrdefi /isolinux/initrd0.img
+}
+menuentry 'Reinstall with serial console ${PRODUCT_SHORT}-$VERSION-$RELEASE' --class fedora --class gnu-linux --class gnu --class os {
+        linuxefi /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  reinstall console=ttyS0,115200n8
+        initrdefi /isolinux/initrd0.img
+}
+menuentry 'Uninstall' --class fedora --class gnu-linux --class gnu --class os {
+        linuxefi /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=128M elevator=deadline install rhgb quiet rd_NO_MULTIPATH rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0  uninstall
+        initrdefi /isolinux/initrd0.img
+}
+EOF
+fi
+cp $LIVE_ROOT/EFI/BOOT/BOOTX64.conf $LIVE_ROOT/EFI/BOOT/grub.cfg
+
+%end
+
+%post --interpreter=image-minimizer --nochroot
+droprpm system-config-*
+keeprpm system-config-keyboard-base
+
+# Needed for selinux-policy generation
+#droprpm mkinitrd
+#droprpm checkpolicy
+#droprpm make
+drop /usr/share/selinux
+droprpm selinux-policy-devel
+
+droprpm gamin
+droprpm pm-utils
+droprpm usermode
+droprpm vbetool
+droprpm ConsoleKit
+droprpm linux-atm-libs
+droprpm mtools
+droprpm syslinux
+droprpm wireless-tools
+droprpm radeontool
+droprpm gnupg2
+droprpm fedora-release-notes
+droprpm fedora-logos
+
+# rhbz#641494 - drop unnecessary rpms pulled in from libguestfs-winsupport
+droprpm fakechroot
+droprpm fakechroot-libs
+droprpm fakeroot
+droprpm fakeroot-libs
+droprpm febootstrap
+
+# cronie pulls in exim (sendmail) which pulls in all kinds of perl deps
+droprpm exim
+droprpm perl*
+keeprpm perl-libs
+droprpm postfix
+droprpm mysql*
+
+droprpm sysklogd
+# pam complains when this is missing
+keeprpm ConsoleKit-libs
+
+# kernel modules minimization
+
+# filesystems
+drop /lib/modules/*/kernel/fs
+keep /lib/modules/*/kernel/fs/ext*
+keep /lib/modules/*/kernel/fs/mbcache*
+keep /lib/modules/*/kernel/fs/squashfs
+keep /lib/modules/*/kernel/fs/jbd*
+keep /lib/modules/*/kernel/fs/btrfs
+keep /lib/modules/*/kernel/fs/cifs*
+keep /lib/modules/*/kernel/fs/fat
+keep /lib/modules/*/kernel/fs/nfs
+keep /lib/modules/*/kernel/fs/nfs_common
+keep /lib/modules/*/kernel/fs/fscache
+keep /lib/modules/*/kernel/fs/lockd
+keep /lib/modules/*/kernel/fs/nls/nls_utf8.ko
+keep /lib/modules/*/kernel/fs/configfs/configfs.ko
+keep /lib/modules/*/kernel/fs/fuse
+keep /lib/modules/*/kernel/fs/isofs
+# autofs4     configfs  exportfs *fat     *jbd    mbcache.ko  nls       xfs
+#*btrfs       cramfs   *ext2     *fscache *jbd2  *nfs         squashfs
+# cachefiles  dlm      *ext3      fuse     jffs2 *nfs_common  ubifs
+# cifs        ecryptfs *ext4      gfs2    *lockd  nfsd        udf
+
+# network
+drop /lib/modules/*/kernel/net
+keep /lib/modules/*/kernel/net/802*
+keep /lib/modules/*/kernel/net/bridge
+keep /lib/modules/*/kernel/net/core
+keep /lib/modules/*/kernel/net/dns_resolver
+keep /lib/modules/*/kernel/net/ipv*
+keep /lib/modules/*/kernel/net/key
+keep /lib/modules/*/kernel/net/llc
+keep /lib/modules/*/kernel/net/netfilter
+keep /lib/modules/*/kernel/net/rds
+keep /lib/modules/*/kernel/net/sctp
+keep /lib/modules/*/kernel/net/sched
+keep /lib/modules/*/kernel/net/sunrpc
+#*802    atm        can   ieee802154 *key      *netfilter  rfkill *sunrpc  xfrm
+#*8021q  bluetooth *core *ipv4       *llc       phonet     sched   wimax
+# 9p    *bridge     dccp *ipv6        mac80211 *rds       *sctp    wireless
+
+drop /lib/modules/*/kernel/sound
+
+# drivers
+drop /lib/modules/*/kernel/drivers
+keep /lib/modules/*/kernel/drivers/ata
+keep /lib/modules/*/kernel/drivers/block
+keep /lib/modules/*/kernel/drivers/cdrom
+keep /lib/modules/*/kernel/drivers/char
+keep /lib/modules/*/kernel/drivers/cpufreq
+keep /lib/modules/*/kernel/drivers/dca
+keep /lib/modules/*/kernel/drivers/dma
+keep /lib/modules/*/kernel/drivers/edac
+keep /lib/modules/*/kernel/drivers/firmware
+keep /lib/modules/*/kernel/drivers/idle
+keep /lib/modules/*/kernel/drivers/infiniband
+keep /lib/modules/*/kernel/drivers/input/misc/uinput.ko
+keep /lib/modules/*/kernel/drivers/md
+keep /lib/modules/*/kernel/drivers/message
+keep /lib/modules/*/kernel/drivers/net
+drop /lib/modules/*/kernel/drivers/net/pcmcia
+drop /lib/modules/*/kernel/drivers/net/wireless
+drop /lib/modules/*/kernel/drivers/net/ppp*
+keep /lib/modules/*/kernel/drivers/pci
+keep /lib/modules/*/kernel/drivers/pps
+keep /lib/modules/*/kernel/drivers/ptp
+keep /lib/modules/*/kernel/drivers/scsi
+keep /lib/modules/*/kernel/drivers/staging/ramzswap
+keep /lib/modules/*/kernel/drivers/uio
+keep /lib/modules/*/kernel/drivers/usb
+drop /lib/modules/*/kernel/drivers/usb/atm
+drop /lib/modules/*/kernel/drivers/usb/class
+drop /lib/modules/*/kernel/drivers/usb/image
+drop /lib/modules/*/kernel/drivers/usb/misc
+drop /lib/modules/*/kernel/drivers/usb/serial
+keep /lib/modules/*/kernel/drivers/usb/storage
+keep /lib/modules/*/kernel/drivers/vhost
+keep /lib/modules/*/kernel/drivers/virtio
+keep /lib/modules/*/kernel/drivers/watchdog
+keep /lib/modules/*/kernel/drivers/i2c
+
+# acpi       *cpufreq   hid         leds      mtd      ?regulator  uwb
+#*ata         crypto   ?hwmon      *md       *net*      rtc       *vhost
+# atm        *dca      ?i2c         media    ?parport  *scsi*      video
+# auxdisplay *dma      *idle        memstick *pci      ?serial    *virtio
+#*block      *edac      ieee802154 *message   pcmcia   ?ssb        watchdog
+# bluetooth   firewire *infiniband ?mfd       platform *staging    xen
+#*cdrom      *firmware  input       misc     ?power    ?uio
+#*char*      ?gpu       isdn        mmc      ?pps      *usb
+
+drop /usr/share/zoneinfo
+keep /usr/share/zoneinfo/UTC
+
+drop /etc/alsa
+drop /usr/share/alsa
+drop /usr/share/awk
+drop /usr/share/vim
+drop /usr/share/anaconda
+drop /usr/share/backgrounds
+drop /usr/share/wallpapers
+drop /usr/share/kde-settings
+drop /usr/share/gnome-background-properties
+drop /usr/share/setuptool
+drop /usr/share/hwdata/MonitorsDB
+drop /usr/share/hwdata/oui.txt
+drop /usr/share/hwdata/videoaliases
+drop /usr/share/hwdata/videodrivers
+drop /usr/share/firstboot
+drop /usr/share/lua
+drop /usr/share/kde4
+drop /usr/share/pixmaps
+drop /usr/share/icons
+drop /usr/share/fedora-release
+drop /usr/share/tabset
+drop /usr/share/augeas/lenses/tests
+drop /usr/share/augeas/lenses/dist/*
+# generic includes
+keep /usr/share/augeas/lenses/dist/build.aug
+keep /usr/share/augeas/lenses/dist/hosts.aug
+keep /usr/share/augeas/lenses/dist/inifile.aug
+keep /usr/share/augeas/lenses/dist/modprobe.aug
+keep /usr/share/augeas/lenses/dist/rx.aug
+keep /usr/share/augeas/lenses/dist/sep.aug
+keep /usr/share/augeas/lenses/dist/shellvars.aug
+keep /usr/share/augeas/lenses/dist/spacevars.aug
+keep /usr/share/augeas/lenses/dist/sysctl.aug
+keep /usr/share/augeas/lenses/dist/util.aug
+keep /usr/share/augeas/lenses/dist/simplevars.aug
+# whitelist only relevant lenses
+keep /usr/share/augeas/lenses/dist/buildd.aug
+keep /usr/share/augeas/lenses/dist/cgconfig.aug
+keep /usr/share/augeas/lenses/dist/cgrules.aug
+keep /usr/share/augeas/lenses/dist/cron.aug
+keep /usr/share/augeas/lenses/dist/dhclient.aug
+keep /usr/share/augeas/lenses/dist/dnsmasq.aug
+keep /usr/share/augeas/lenses/dist/ethers.aug
+keep /usr/share/augeas/lenses/dist/exports.aug
+keep /usr/share/augeas/lenses/dist/fstab.aug
+keep /usr/share/augeas/lenses/dist/group.aug
+keep /usr/share/augeas/lenses/dist/grub.aug
+keep /usr/share/augeas/lenses/dist/inittab.aug
+keep /usr/share/augeas/lenses/dist/iptables.aug
+keep /usr/share/augeas/lenses/dist/json.aug
+keep /usr/share/augeas/lenses/dist/krb5.aug
+keep /usr/share/augeas/lenses/dist/limits.aug
+keep /usr/share/augeas/lenses/dist/logrotate.aug
+keep /usr/share/augeas/lenses/dist/lokkit.aug
+keep /usr/share/augeas/lenses/dist/modules_conf.aug
+keep /usr/share/augeas/lenses/dist/multipath.aug
+keep /usr/share/augeas/lenses/dist/ntp.aug
+keep /usr/share/augeas/lenses/dist/pam.aug
+keep /usr/share/augeas/lenses/dist/passwd.aug
+keep /usr/share/augeas/lenses/dist/quote.aug
+keep /usr/share/augeas/lenses/dist/resolv.aug
+keep /usr/share/augeas/lenses/dist/securetty.aug
+keep /usr/share/augeas/lenses/dist/services.aug
+keep /usr/share/augeas/lenses/dist/shellvars_list.aug
+keep /usr/share/augeas/lenses/dist/sshd.aug
+keep /usr/share/augeas/lenses/dist/sudoers.aug
+keep /usr/share/augeas/lenses/dist/utill.aug
+keep /usr/share/augeas/lenses/dist/yum.aug
+drop /usr/share/tc
+drop /usr/share/emacs
+drop /usr/share/info
+drop /usr/src
+drop /usr/etc
+drop /usr/games
+drop /usr/include
+keep /usr/include/python2.*
+drop /usr/local
+drop /usr/sbin/dell*
+keep /usr/sbin/build-locale-archive
+drop /usr/sbin/glibc_post_upgrade.*
+drop /usr/lib*/tc
+drop /usr/lib*/tls
+drop /usr/lib*/sse2
+drop /usr/lib*/pkgconfig
+drop /usr/lib*/nss
+drop /usr/lib*/games
+drop /usr/lib*/alsa-lib
+drop /usr/lib*/krb5
+drop /usr/lib*/hal
+drop /usr/lib*/gio
+# syslinux
+drop /usr/share/syslinux
+# glibc-common locales
+drop /usr/lib/locale
+keep /usr/lib/locale/locale-archive
+keep /usr/lib/locale/usr/share/locale/en_US
+# pango
+drop /usr/lib*/pango
+drop /usr/lib*/libthai*
+drop /usr/share/libthai
+drop /usr/bin/pango*
+# hal
+drop /usr/bin/hal-disable-polling
+drop /usr/bin/hal-is-caller-locked-out
+drop /usr/bin/hal-is-caller-privileged
+drop /usr/bin/hal-lock
+drop /usr/bin/hal-set-property
+drop /usr/bin/hal-setup-keymap
+# openssh
+drop /usr/bin/sftp
+drop /usr/bin/slogin
+drop /usr/bin/ssh-add
+drop /usr/bin/ssh-agent
+drop /usr/bin/ssh-keyscan
+# docs
+drop /usr/share/omf
+drop /usr/share/gnome
+drop /usr/share/doc
+drop /usr/share/locale/
+keep /usr/share/locale/en_US
+keep /usr/share/locale/zh_CN
+drop /usr/share/man
+drop /usr/share/X11
+drop /usr/share/i18n
+drop /boot/*
+keep /boot/efi
+keep /boot/System.map*
+keep /boot/symvers*
+drop /var/lib/builder
+drop /usr/sbin/*-channel
+
+drop /usr/lib*/libboost*
+keep /usr/lib*/libboost_program_options.so*
+keep /usr/lib*/libboost_filesystem.so*
+keep /usr/lib*/libboost_thread-mt.so*
+keep /usr/lib*/libboost_system.so*
+keep /usr/lib*/libboost_system-mt.so*
+keep /usr/lib*/libboost_chrono-mt.so*
+drop /usr/kerberos
+keep /usr/kerberos/bin/kinit
+keep /usr/kerberos/bin/klist
+drop /lib/firmware
+keep /lib/firmware/3com
+keep /lib/firmware/acenic
+keep /lib/firmware/adaptec
+keep /lib/firmware/advansys
+keep /lib/firmware/bnx2
+keep /lib/firmware/bnx2x
+keep /lib/firmware/bnx2x*
+keep /lib/firmware/cxgb3
+keep /lib/firmware/cxgb4
+keep /lib/firmware/e100
+keep /lib/firmware/myricom
+keep /lib/firmware/ql*
+keep /lib/firmware/sun
+keep /lib/firmware/tehuti
+keep /lib/firmware/tigon
+keep /lib/firmware/cbfw*
+keep /lib/firmware/ctfw*
+keep /lib/firmware/ct2fw*
+keep /lib/firmware/aic94xx-seq.fw
+
+drop /etc/pki/tls
+keep /etc/pki/tls/openssl.cnf
+drop /etc/pki/java
+drop /etc/pki/nssdb
+
+
+#desktop files
+drop /etc/xdg/autostart/restorecond.desktop
+
+#ebtables depends on perl
+drop /sbin/ebtables-save
+drop /sbin/ebtables-restore
+
+# remove bogus kdump script (rpmdiff complains)
+drop /etc/kdump-adv-conf
+
+#remove rpms added by dmraid
+droprpm ConsoleKit
+droprpm checkpolicy
+droprpm dmraid-events
+droprpm gamin
+droprpm gnupg2
+droprpm linux-atm-libs
+droprpm make
+droprpm mtools
+droprpm mysql-libs
+droprpm perl
+droprpm perl-Module-Pluggable
+droprpm perl-Net-Telnet
+droprpm perl-PathTools
+droprpm perl-Pod-Escapes
+droprpm perl-Pod-Simple
+droprpm perl-Scalar-List-Utils
+droprpm perl-hivex
+droprpm perl-macros
+droprpm sgpio
+droprpm syslinux
+droprpm system-config-firewall-base
+droprpm usermode
+
+#NFS Server
+drop /usr/bin/rpcgen
+drop /usr/sbin/rpc.gssd
+drop /usr/sbin/rpc.mountd
+drop /usr/sbin/rpc.nfsd
+drop /usr/sbin/rpc.svcgssd
+drop /usr/sbin/rpcdebug
+droprpm qemu-system-alpha
+droprpm qemu-system-arm
+droprpm qemu-system-cris
+droprpm qemu-system-lm32
+droprpm qemu-system-m68k
+droprpm qemu-system-microblaze
+droprpm qemu-system-mips
+droprpm qemu-system-or32
+droprpm qemu-system-ppc
+droprpm qemu-system-s390x
+droprpm qemu-system-sh4
+droprpm qemu-system-sparc
+droprpm qemu-system-unicore
+droprpm qemu-system-xtensa
+droprpm qemu-user
+
+# libguestfs related minimization
+# The following rpms can be dropped and don't harm libguestfs too much
+droprpm SLOF
+droprpm cups-libs
+droprpm ghostscript
+droprpm ghostscript-fonts
+droprpm fuse
+droprpm fuse-libs
+droprpm gfs2-utils
+droprpm hfsplus-tools
+droprpm lcms2
+droprpm libXfont
+droprpm libXt
+droprpm libfontenc
+droprpm xorg-x11-font-utils
+droprpm man-db
+droprpm zerofree
+droprpm firewalld
+%end
+
+%post
+echo "Removing python source files"
+find /usr -name '*.py' -exec rm -f {} \;
+find /usr -name '*.pyo' -exec rm -f {} \;
+
+%end
+
+%post
+echo -n "Creating manifest"
+# Create post-image processing manifests
+rpm -qa --qf '%{name}-%{version}-%{release}.%{arch} (%{SIGPGP:pgpsig})\n' | \
+    sort > /manifest-rpm.txt
+rpm -qa --qf '%{sourcerpm}\n' | sort -u > /manifest-srpm.txt
+# collect all included licenses rhbz#601927
+rpm -qa --qf '%{license}\n' | sort -u > /manifest-license.txt
+# dependencies
+rpm -qa | xargs -n1 rpm -e --test 2> /manifest-deps.txt
+echo -n "."
+
+# Takes about 4min
+#find / -xdev -print -exec rpm -qf {} \; > /manifest-owns.txt
+# Alternative takes about 8sec, results are slightly different
+{
+    # Get all owned files
+    rpm -qa | while read PKG
+    do
+        rpm -ql $PKG | while read FIL
+        do
+            [[ -e "$FIL" ]] && echo $FIL
+        done | sed "s#\$#\t\t\t$PKG#"
+    done
+    # Get all files on fs and mark them as not owned
+    find / -xdev | sed "s#\$#\t\t\tNot owned by any package.#"
+# Just keep the first occurence of a file entry
+# Unowned files will just occur once,
+# owned once twice (just the firts entry is kept)
+} | sort -u -k1,1 | sed "s#\t\t\t#\n#" > /manifest-owns.txt
+
+
+du -akx --exclude=/var/cache/yum / > /manifest-file.txt
+du -x --exclude=/var/cache/yum / > /manifest-dir.txt
+echo -n "."
+bzip2 /manifest-deps.txt /manifest-owns.txt /manifest-file.txt /manifest-dir.txt
+echo -n "."
+
+%end
+
+%post --nochroot
+# Move manifests to ISO
+mv $INSTALL_ROOT/manifest-* $LIVE_ROOT/isolinux
+echo "done"
+
+# only works on x86, x86_64
+if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
+    if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
+    cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
+    cp /usr/bin/livecd-iso-to-pxeboot $LIVE_ROOT/LiveOS
+fi
+%end
+
+%packages --excludedocs --nobase
+/usr/sbin/lokkit
+NetworkManager-glib
+PyPAM
+acpid
+aic94xx-firmware
+anyterm
+audit
+bc
+bfa-firmware
+biosdevname
+bridge-utils
+checkpolicy
+collectd-virt
+cracklib-python
+cryptsetup-luks
+db4
+device-mapper-multipath
+dhclient
+dmraid
+dosfstools
+dracut-fips
+dracut-network
+e2fsprogs
+efibootmgr
+eject
+ethtool
+fcoe-utils
+file
+firewalld
+gdb
+generic-logos
+glusterfs
+glusterfs-client
+glusterfs-devel
+glusterfs-fuse
+glusterfs-rdma
+grub2-efi
+hdparm
+hwdata
+iptables
+irqbalance
+isomd5sum
+kbd-misc
+kernel
+kernel-modules-extra
+kexec-tools
+kpartx
+less
+libguestfs
+libguestfs-tools-c
+libicu
+libmlx4
+linux-firmware
+lsof
+lsscsi
+make
+mcelog
+net-tools
+newt-python
+numactl
+openssh-clients
+openssh-server
+ovirt-node
+ovirt-node-selinux
+passwd
+patch
+pciutils
+plymouth
+plymouth-graphics-libs
+plymouth-plugin-label
+plymouth-plugin-two-step
+plymouth-scripts
+plymouth-system-theme
+plymouth-theme-charge
+policycoreutils
+policycoreutils-python
+psmisc
+python
+python-daemon
+python-gudev
+python-hivex
+python-libguestfs
+python-libs
+python-setuptools
+qemu-kvm
+qemu-kvm-tools
+rootfiles
+rpm-python
+rsyslog
+selinux-policy-devel
+selinux-policy-targeted
+setools-console
+shim
+sos
+squashfs-tools
+strace
+sudo
+sysfsutils
+sysstat
+system-config-keyboard-base
+systemtap-runtime
+tcpdump
+usbutils
+vconfig
+vhostmd
+vim-minimal
+yum
+-audit-libs-python
+-authconfig
+-cpio
+-fedora-logos
+-fedora-release
+-fedora-release-notes
+-gzip
+-libselinux-python
+-libuser
+-mtools
+-newt
+-parted
+-prelink
+-setserial
+-tar
+-usermode
+-ustr
+-which
+-wireless-tools
+
+%end
diff --git a/ovirt17-install.ks b/ovirt17-install.ks
new file mode 100644
index 0000000..258cbdd
--- /dev/null
+++ b/ovirt17-install.ks
@@ -0,0 +1 @@
+services --enabled=auditd,ntpd,ntpdate,iptables,network,rsyslog,multipathd,snmpd,ovirt-early,ovirt,ovirt-post,ovirt-kdump,anyterm,collectd,libvirtd,cgconfig,mcelog,tuned --disabled=kdump
diff --git a/ovirt17-minimizer.ks b/ovirt17-minimizer.ks
new file mode 100644
index 0000000..3f967d0
--- /dev/null
+++ b/ovirt17-minimizer.ks
@@ -0,0 +1,2 @@
+# Fedora specific image minimization
+keep /usr/share/virt-manager
diff --git a/ovirt17-pkgs.ks b/ovirt17-pkgs.ks
new file mode 100644
index 0000000..4188a7b
--- /dev/null
+++ b/ovirt17-pkgs.ks
@@ -0,0 +1,12 @@
+%include fedora-pkgs.ks
+virt-manager-tui
+grub2-efi
+firewalld
+selinux-policy-devel
+shim
+# qlogic firmware
+ql2100-firmware
+ql2200-firmware
+ql23xx-firmware
+ql2400-firmware
+ql2500-firmware
diff --git a/ovirt17-post.ks b/ovirt17-post.ks
new file mode 100644
index 0000000..3199c05
--- /dev/null
+++ b/ovirt17-post.ks
@@ -0,0 +1,73 @@
+# ovirt-install-node-stateless
+# ovirt_setup_libvirtd()
+    # just to get a boot warning to shut up
+    touch /etc/resolv.conf
+
+    # set up qemu daemon to allow outside VNC connections
+    sed -i -e 's/^[[:space:]]*#[[:space:]]*\(vnc_listen = "0.0.0.0"\).*/\1/' \
+       /etc/libvirt/qemu.conf
+
+    # disable mdns/avahi
+    sed -i -e 's/^[[:space:]]*#[[:space:]]*\(mdns_adv = 0\).*/\1/' \
+       /etc/libvirt/qemu.conf
+
+#ovirt_setup_anyterm()
+   # configure anyterm
+   cat >> /etc/sysconfig/anyterm << \EOF_anyterm
+ANYTERM_CMD="sudo /usr/bin/virsh console %p"
+ANYTERM_LOCAL_ONLY=false
+EOF_anyterm
+
+   # permit it to run the virsh console
+   echo "anyterm ALL=NOPASSWD: /usr/bin/virsh console *" >> /etc/sudoers
+
+# systemd configuration
+# set default runlevel to multi-user(3)
+
+rm -rf /etc/systemd/system/default.target
+ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+systemctl enable ovirt-firstboot.service >/dev/null 2>&1
+systemctl enable ovirt-kdump.service >/dev/null 2>&1
+
+echo "Configuring IPTables"
+# here, we need to punch the appropriate holes in the firewall
+cat > /usr/lib/firewalld/services/ovirt.xml << \EOF
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>ovirt-node</short>
+  <description>This service opens necessary ports for ovirt-node operations</description>
+  <!-- libvirt tls -->
+  <port protocol="tcp" port="16514"/>
+  <!-- guest consoles -->
+  <port protocol="tcp" port="5634-6166"/>
+  <!-- migration -->
+  <port protocol="tcp" port="49152-49216"/>
+  <!-- snmp -->
+  <port protocol="udp" port="161"/>
+</service>
+EOF
+
+# enable required services
+firewall-offline-cmd -s ssh
+firewall-offline-cmd -s ovirt
+firewall-offline-cmd -s dhcpv6-client
+
+python -m compileall /usr/share/virt-manager
+
+echo "-w /etc/shadow -p wa" >> /etc/audit/audit.rules
+
+# Workaround for packages needing /etc/ovirt-node-image-release
+ln -s /etc/system-release /etc/ovirt-node-image-release
+
+#Add some upstream specific rwtab entries
+cat >> /etc/rwtab.d/ovirt << \EOF_rwtab_ovirt2
+dirs    /root/.virt-manager
+dirs    /admin/.virt-manager
+EOF_rwtab_ovirt2
+
+# create .virt-manager directories for readonly root
+mkdir -p /root/.virt-manager /home/admin/.virt-manager
+
+#symlink virt-manager-tui pointer file to .pyc version
+sed -i "s/tui.py/tui.pyc/g" /usr/bin/virt-manager-tui
+
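Review bot: The sudoers rule appended in the anyterm section, `anyterm ALL=NOPASSWD: /usr/bin/virsh console *`, lets the anyterm account run `virsh console` as root with any argument string, and it is echoed straight onto the end of `/etc/sudoers` with no syntax check. `ANYTERM_LOCAL_ONLY=false` is set just above, and the `%p` in `ANYTERM_CMD` is presumably filled in from the client request, so the wildcard is the only constraint on what reaches sudo. I would write the rule to its own file instead, provided the image's sudoers includes `/etc/sudoers.d`: `echo "anyterm ALL=NOPASSWD: /usr/bin/virsh console *" > /etc/sudoers.d/anyterm`, then `chmod 0440 /etc/sudoers.d/anyterm` and `visudo -cf /etc/sudoers.d/anyterm || exit 1` (the file name is a suggestion), with a comment stating what `%p` is allowed to contain. The same lines appear in the ovirt18-post.ks, ovirt19-post.ks and ovirt20-post.ks hunks.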
diff --git a/ovirt18-install.ks b/ovirt18-install.ks
new file mode 100644
index 0000000..258cbdd
--- /dev/null
+++ b/ovirt18-install.ks
@@ -0,0 +1 @@
+services --enabled=auditd,ntpd,ntpdate,iptables,network,rsyslog,multipathd,snmpd,ovirt-early,ovirt,ovirt-post,ovirt-kdump,anyterm,collectd,libvirtd,cgconfig,mcelog,tuned --disabled=kdump
diff --git a/ovirt18-minimizer.ks b/ovirt18-minimizer.ks
new file mode 100644
index 0000000..8866255
--- /dev/null
+++ b/ovirt18-minimizer.ks
@@ -0,0 +1,37 @@
+# Fedora specific image minimization
+
+# qemu minimization
+droprpm qemu-system-alpha
+droprpm qemu-system-arm
+droprpm qemu-system-cris
+droprpm qemu-system-lm32
+droprpm qemu-system-m68k
+droprpm qemu-system-microblaze
+droprpm qemu-system-mips
+droprpm qemu-system-or32
+droprpm qemu-system-ppc
+droprpm qemu-system-s390x
+droprpm qemu-system-sh4
+droprpm qemu-system-sparc
+droprpm qemu-system-unicore
+droprpm qemu-system-xtensa
+droprpm qemu-user
+
+# libguestfs related minimization
+# The following rpms can be dropped and don't harm libguestfs too much
+droprpm SLOF
+droprpm cups-libs
+droprpm ghostscript
+droprpm ghostscript-fonts
+droprpm fuse
+droprpm fuse-libs
+droprpm gfs2-utils
+droprpm hfsplus-tools
+droprpm lcms2
+droprpm libXfont
+droprpm libXt
+droprpm libfontenc
+droprpm xorg-x11-font-utils
+droprpm man-db
+droprpm zerofree
+droprpm firewalld
diff --git a/ovirt18-pkgs.ks b/ovirt18-pkgs.ks
new file mode 100644
index 0000000..3e42e8c
--- /dev/null
+++ b/ovirt18-pkgs.ks
@@ -0,0 +1,10 @@
+%include fedora-pkgs.ks
+grub-efi
+grub2-efi
+firewalld
+selinux-policy-devel
+shim
+# qlogic firmware
+ql2400-firmware
+ql2500-firmware
+linux-firmware
diff --git a/ovirt18-post.ks b/ovirt18-post.ks
new file mode 100644
index 0000000..3199c05
--- /dev/null
+++ b/ovirt18-post.ks
@@ -0,0 +1,73 @@
+# ovirt-install-node-stateless
+# ovirt_setup_libvirtd()
+    # just to get a boot warning to shut up
+    touch /etc/resolv.conf
+
+    # set up qemu daemon to allow outside VNC connections
+    sed -i -e 's/^[[:space:]]*#[[:space:]]*\(vnc_listen = "0.0.0.0"\).*/\1/' \
+       /etc/libvirt/qemu.conf
+
+    # disable mdns/avahi
+    sed -i -e 's/^[[:space:]]*#[[:space:]]*\(mdns_adv = 0\).*/\1/' \
+       /etc/libvirt/qemu.conf
+
+#ovirt_setup_anyterm()
+   # configure anyterm
+   cat >> /etc/sysconfig/anyterm << \EOF_anyterm
+ANYTERM_CMD="sudo /usr/bin/virsh console %p"
+ANYTERM_LOCAL_ONLY=false
+EOF_anyterm
+
+   # permit it to run the virsh console
+   echo "anyterm ALL=NOPASSWD: /usr/bin/virsh console *" >> /etc/sudoers
+
+# systemd configuration
+# set default runlevel to multi-user(3)
+
+rm -rf /etc/systemd/system/default.target
+ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+systemctl enable ovirt-firstboot.service >/dev/null 2>&1
+systemctl enable ovirt-kdump.service >/dev/null 2>&1
+
+echo "Configuring IPTables"
+# here, we need to punch the appropriate holes in the firewall
+cat > /usr/lib/firewalld/services/ovirt.xml << \EOF
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>ovirt-node</short>
+  <description>This service opens necessary ports for ovirt-node operations</description>
+  <!-- libvirt tls -->
+  <port protocol="tcp" port="16514"/>
+  <!-- guest consoles -->
+  <port protocol="tcp" port="5634-6166"/>
+  <!-- migration -->
+  <port protocol="tcp" port="49152-49216"/>
+  <!-- snmp -->
+  <port protocol="udp" port="161"/>
+</service>
+EOF
+
+# enable required services
+firewall-offline-cmd -s ssh
+firewall-offline-cmd -s ovirt
+firewall-offline-cmd -s dhcpv6-client
+
+python -m compileall /usr/share/virt-manager
+
+echo "-w /etc/shadow -p wa" >> /etc/audit/audit.rules
+
+# Workaround for packages needing /etc/ovirt-node-image-release
+ln -s /etc/system-release /etc/ovirt-node-image-release
+
+#Add some upstream specific rwtab entries
+cat >> /etc/rwtab.d/ovirt << \EOF_rwtab_ovirt2
+dirs    /root/.virt-manager
+dirs    /admin/.virt-manager
+EOF_rwtab_ovirt2
+
+# create .virt-manager directories for readonly root
+mkdir -p /root/.virt-manager /home/admin/.virt-manager
+
+#symlink virt-manager-tui pointer file to .pyc version
+sed -i "s/tui.py/tui.pyc/g" /usr/bin/virt-manager-tui
+
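Review bot: The rwtab entry `dirs    /admin/.virt-manager` in the `EOF_rwtab_ovirt2` heredoc does not match the directory created right after it, `mkdir -p /root/.virt-manager /home/admin/.virt-manager`. The directory under `/home/admin` is therefore probably not made writable on the read-only root, and the rwtab line points at a path that nothing in this hunk creates. If `/home/admin` is the intended home, the heredoc line should read `dirs    /home/admin/.virt-manager`; otherwise the mkdir argument is the one to change. The ovirt17-post.ks hunk is identical and has the same mismatch.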
diff --git a/ovirt19-install.ks b/ovirt19-install.ks
new file mode 100644
index 0000000..258cbdd
--- /dev/null
+++ b/ovirt19-install.ks
@@ -0,0 +1 @@
+services --enabled=auditd,ntpd,ntpdate,iptables,network,rsyslog,multipathd,snmpd,ovirt-early,ovirt,ovirt-post,ovirt-kdump,anyterm,collectd,libvirtd,cgconfig,mcelog,tuned --disabled=kdump
diff --git a/ovirt19-minimizer.ks b/ovirt19-minimizer.ks
new file mode 100644
index 0000000..8866255
--- /dev/null
+++ b/ovirt19-minimizer.ks
@@ -0,0 +1,37 @@
+# Fedora specific image minimization
+
+# qemu minimization
+droprpm qemu-system-alpha
+droprpm qemu-system-arm
+droprpm qemu-system-cris
+droprpm qemu-system-lm32
+droprpm qemu-system-m68k
+droprpm qemu-system-microblaze
+droprpm qemu-system-mips
+droprpm qemu-system-or32
+droprpm qemu-system-ppc
+droprpm qemu-system-s390x
+droprpm qemu-system-sh4
+droprpm qemu-system-sparc
+droprpm qemu-system-unicore
+droprpm qemu-system-xtensa
+droprpm qemu-user
+
+# libguestfs related minimization
+# The following rpms can be dropped and don't harm libguestfs too much
+droprpm SLOF
+droprpm cups-libs
+droprpm ghostscript
+droprpm ghostscript-fonts
+droprpm fuse
+droprpm fuse-libs
+droprpm gfs2-utils
+droprpm hfsplus-tools
+droprpm lcms2
+droprpm libXfont
+droprpm libXt
+droprpm libfontenc
+droprpm xorg-x11-font-utils
+droprpm man-db
+droprpm zerofree
+droprpm firewalld
diff --git a/ovirt19-pkgs.ks b/ovirt19-pkgs.ks
new file mode 100644
index 0000000..31f2652
--- /dev/null
+++ b/ovirt19-pkgs.ks
@@ -0,0 +1,15 @@
+%include fedora-pkgs.ks
+grub2-efi
+firewalld
+selinux-policy-devel
+shim
+# qlogic firmware
+linux-firmware
+iptables
+net-tools
+vconfig
+aic94xx-firmware
+bfa-firmware
+
+# Explicitly add these package, to prevent yum from pulling in the debug versions
+kernel-modules-extra
diff --git a/ovirt19-post.ks b/ovirt19-post.ks
new file mode 100644
index 0000000..ab2ae18
--- /dev/null
+++ b/ovirt19-post.ks
@@ -0,0 +1,109 @@
+# ovirt-install-node-stateless
+# ovirt_setup_libvirtd()
+    # just to get a boot warning to shut up
+    touch /etc/resolv.conf
+
+    # set up qemu daemon to allow outside VNC connections
+    sed -i -e 's/^[[:space:]]*#[[:space:]]*\(vnc_listen = "0.0.0.0"\).*/\1/' \
+       /etc/libvirt/qemu.conf
+
+    # disable mdns/avahi
+    sed -i -e 's/^[[:space:]]*#[[:space:]]*\(mdns_adv = 0\).*/\1/' \
+       /etc/libvirt/qemu.conf
+
+#ovirt_setup_anyterm()
+   # configure anyterm
+   cat >> /etc/sysconfig/anyterm << \EOF_anyterm
+ANYTERM_CMD="sudo /usr/bin/virsh console %p"
+ANYTERM_LOCAL_ONLY=false
+EOF_anyterm
+
+   # permit it to run the virsh console
+   echo "anyterm ALL=NOPASSWD: /usr/bin/virsh console *" >> /etc/sudoers
+
+# systemd configuration
+# set default runlevel to multi-user(3)
+
+rm -rf /etc/systemd/system/default.target
+ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+systemctl enable ovirt-firstboot.service >/dev/null 2>&1
+
+echo "Configuring IPTables"
+# here, we need to punch the appropriate holes in the firewall
+# disabled until ovirt-engine supports firewalld
+
+#cat > /usr/lib/firewalld/services/ovirt.xml << \EOF
+#<?xml version="1.0" encoding="utf-8"?>
+#<service>
+#  <short>ovirt-node</short>
+#  <description>This service opens necessary ports for ovirt-node operations</description>
+#  <!-- libvirt tls -->
+#  <port protocol="tcp" port="16514"/>
+#  <!-- guest consoles -->
+#  <port protocol="tcp" port="5634-6166"/>
+#  <!-- migration -->
+#  <port protocol="tcp" port="49152-49216"/>
+#  <!-- snmp -->
+#  <port protocol="udp" port="161"/>
+#</service>
+#EOF
+
+# enable required services
+#firewall-offline-cmd -s ssh
+#firewall-offline-cmd -s ovirt
+#firewall-offline-cmd -s dhcpv6-client
+
+cat > /etc/sysconfig/iptables << \EOF
+# oVirt automatically generated firewall configuration
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+#vdsm
+-A INPUT -p tcp --dport 54321 -j ACCEPT
+# libvirt tls
+-A INPUT -p tcp --dport 16514 -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+# guest consoles
+-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
+# migration
+-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
+# snmp
+-A INPUT -p udp --dport 161 -j ACCEPT
+#
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
+COMMIT
+EOF
+# configure IPv6 firewall, default is all ACCEPT
+cat > /etc/sysconfig/ip6tables << \EOF
+# oVirt automatically generated firewall configuration
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p ipv6-icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+# guest consoles
+-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
+# migration
+-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
+# snmp
+-A INPUT -p udp --dport 161 -j ACCEPT
+# unblock ipv6 dhcp response
+-A INPUT -p udp --dport 546 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
+-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp6-adm-prohibited
+COMMIT
+EOF
+echo "-w /etc/shadow -p wa" >> /etc/audit/audit.rules
+
+# Workaround for packages needing /etc/ovirt-node-image-release
+ln -s /etc/system-release /etc/ovirt-node-image-release
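Review bot: The two rule sets written by this hunk disagree: `/etc/sysconfig/iptables` accepts vdsm on tcp 54321 and libvirt TLS on tcp 16514, while `/etc/sysconfig/ip6tables` has neither rule, so both are caught by the trailing `REJECT` over IPv6. If that is deliberate, a comment line inside the ip6tables heredoc such as `# vdsm and libvirt tls are intentionally IPv4-only` would keep the next editor from changing it in either direction. If it is not, the two `-A INPUT -p tcp --dport ... -j ACCEPT` lines need mirroring. The comment `# configure IPv6 firewall, default is all ACCEPT` describes only the chain policies, since the effective default is the final REJECT; I would reword it to `# configure IPv6 firewall; chain policy is ACCEPT, unmatched traffic is rejected by the last rule`. The ovirt20-post.ks hunk is identical and has the same gap.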
diff --git a/ovirt20-install.ks b/ovirt20-install.ks
new file mode 100644
index 0000000..258cbdd
--- /dev/null
+++ b/ovirt20-install.ks
@@ -0,0 +1 @@
+services --enabled=auditd,ntpd,ntpdate,iptables,network,rsyslog,multipathd,snmpd,ovirt-early,ovirt,ovirt-post,ovirt-kdump,anyterm,collectd,libvirtd,cgconfig,mcelog,tuned --disabled=kdump
diff --git a/ovirt20-minimizer.ks b/ovirt20-minimizer.ks
new file mode 100644
index 0000000..8866255
--- /dev/null
+++ b/ovirt20-minimizer.ks
@@ -0,0 +1,37 @@
+# Fedora specific image minimization
+
+# qemu minimization
+droprpm qemu-system-alpha
+droprpm qemu-system-arm
+droprpm qemu-system-cris
+droprpm qemu-system-lm32
+droprpm qemu-system-m68k
+droprpm qemu-system-microblaze
+droprpm qemu-system-mips
+droprpm qemu-system-or32
+droprpm qemu-system-ppc
+droprpm qemu-system-s390x
+droprpm qemu-system-sh4
+droprpm qemu-system-sparc
+droprpm qemu-system-unicore
+droprpm qemu-system-xtensa
+droprpm qemu-user
+
+# libguestfs related minimization
+# The following rpms can be dropped and don't harm libguestfs too much
+droprpm SLOF
+droprpm cups-libs
+droprpm ghostscript
+droprpm ghostscript-fonts
+droprpm fuse
+droprpm fuse-libs
+droprpm gfs2-utils
+droprpm hfsplus-tools
+droprpm lcms2
+droprpm libXfont
+droprpm libXt
+droprpm libfontenc
+droprpm xorg-x11-font-utils
+droprpm man-db
+droprpm zerofree
+droprpm firewalld
diff --git a/ovirt20-pkgs.ks b/ovirt20-pkgs.ks
new file mode 100644
index 0000000..31f2652
--- /dev/null
+++ b/ovirt20-pkgs.ks
@@ -0,0 +1,15 @@
+%include fedora-pkgs.ks
+grub2-efi
+firewalld
+selinux-policy-devel
+shim
+# qlogic firmware
+linux-firmware
+iptables
+net-tools
+vconfig
+aic94xx-firmware
+bfa-firmware
+
+# Explicitly add these package, to prevent yum from pulling in the debug versions
+kernel-modules-extra
diff --git a/ovirt20-post.ks b/ovirt20-post.ks
new file mode 100644
index 0000000..ab2ae18
--- /dev/null
+++ b/ovirt20-post.ks
@@ -0,0 +1,109 @@
+# ovirt-install-node-stateless
+# ovirt_setup_libvirtd()
+    # just to get a boot warning to shut up
+    touch /etc/resolv.conf
+
+    # set up qemu daemon to allow outside VNC connections
+    sed -i -e 's/^[[:space:]]*#[[:space:]]*\(vnc_listen = "0.0.0.0"\).*/\1/' \
+       /etc/libvirt/qemu.conf
+
+    # disable mdns/avahi
+    sed -i -e 's/^[[:space:]]*#[[:space:]]*\(mdns_adv = 0\).*/\1/' \
+       /etc/libvirt/qemu.conf
+
+#ovirt_setup_anyterm()
+   # configure anyterm
+   cat >> /etc/sysconfig/anyterm << \EOF_anyterm
+ANYTERM_CMD="sudo /usr/bin/virsh console %p"
+ANYTERM_LOCAL_ONLY=false
+EOF_anyterm
+
+   # permit it to run the virsh console
+   echo "anyterm ALL=NOPASSWD: /usr/bin/virsh console *" >> /etc/sudoers
+
+# systemd configuration
+# set default runlevel to multi-user(3)
+
+rm -rf /etc/systemd/system/default.target
+ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+systemctl enable ovirt-firstboot.service >/dev/null 2>&1
+
+echo "Configuring IPTables"
+# here, we need to punch the appropriate holes in the firewall
+# disabled until ovirt-engine supports firewalld
+
+#cat > /usr/lib/firewalld/services/ovirt.xml << \EOF
+#<?xml version="1.0" encoding="utf-8"?>
+#<service>
+#  <short>ovirt-node</short>
+#  <description>This service opens necessary ports for ovirt-node operations</description>
+#  <!-- libvirt tls -->
+#  <port protocol="tcp" port="16514"/>
+#  <!-- guest consoles -->
+#  <port protocol="tcp" port="5634-6166"/>
+#  <!-- migration -->
+#  <port protocol="tcp" port="49152-49216"/>
+#  <!-- snmp -->
+#  <port protocol="udp" port="161"/>
+#</service>
+#EOF
+
+# enable required services
+#firewall-offline-cmd -s ssh
+#firewall-offline-cmd -s ovirt
+#firewall-offline-cmd -s dhcpv6-client
+
+cat > /etc/sysconfig/iptables << \EOF
+# oVirt automatically generated firewall configuration
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+#vdsm
+-A INPUT -p tcp --dport 54321 -j ACCEPT
+# libvirt tls
+-A INPUT -p tcp --dport 16514 -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+# guest consoles
+-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
+# migration
+-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
+# snmp
+-A INPUT -p udp --dport 161 -j ACCEPT
+#
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
+COMMIT
+EOF
+# configure IPv6 firewall, default is all ACCEPT
+cat > /etc/sysconfig/ip6tables << \EOF
+# oVirt automatically generated firewall configuration
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p ipv6-icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+# guest consoles
+-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
+# migration
+-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
+# snmp
+-A INPUT -p udp --dport 161 -j ACCEPT
+# unblock ipv6 dhcp response
+-A INPUT -p udp --dport 546 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
+-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp6-adm-prohibited
+COMMIT
+EOF
+echo "-w /etc/shadow -p wa" >> /etc/audit/audit.rules
+
+# Workaround for packages needing /etc/ovirt-node-image-release
+ln -s /etc/system-release /etc/ovirt-node-image-release
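Review bot: The first sed in this hunk uncomments `vnc_listen = "0.0.0.0"` in `/etc/libvirt/qemu.conf`, and both firewall heredocs further down accept the guest-console range 5634:6166 from any source, but nothing visible here enables VNC TLS or a VNC password. Unless that is configured elsewhere, guest consoles could be reachable without authentication from every network the node is attached to. I would either enable it alongside the listen address, for example with a matching sed that uncomments `vnc_tls = 1`, or add a comment above the sed such as `# console authentication is enforced by <component>; do not ship without it`. The ovirt17-post.ks, ovirt18-post.ks and ovirt19-post.ks hunks carry the same sed.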
diff --git a/rhevh6-install.ks b/rhevh6-install.ks
new file mode 100644
index 0000000..a97b4a5
--- /dev/null
+++ b/rhevh6-install.ks
@@ -0,0 +1,3 @@
+services --enabled=auditd,ntpd,ntpdate,iptables,network,rsyslog,multipathd,snmpd,ovirt-early,ovirt-post,ovirt-cim,cgconfig,mcelog,tuned --disabled=netfs,ovirt-awake,libvirt-guests,libvirtd,kdump
+
+
diff --git a/rhevh6-minimizer.ks b/rhevh6-minimizer.ks
new file mode 100644
index 0000000..e2ef3cb
--- /dev/null
+++ b/rhevh6-minimizer.ks
@@ -0,0 +1,7 @@
+# RHEL specific image minimization
+droprpm cvs
+droprpm gettext
+droprpm hesiod
+droprpm procmail
+droprpm sendmail
+drop /etc/rc.d/init.d/libvirt-guests
diff --git a/rhevh6-pkgs.ks b/rhevh6-pkgs.ks
new file mode 100644
index 0000000..72ac759
--- /dev/null
+++ b/rhevh6-pkgs.ks
@@ -0,0 +1,20 @@
+# remove
+-redhat-release-notes
+# rhbz#641494 RFE - add libguestfs
+libguestfs-winsupport
+ltrace
+vhostmd
+# keyboard layout
+system-config-keyboard-base
+# qlogic firmware
+ql2100-firmware
+ql2200-firmware
+ql23xx-firmware
+ql2400-firmware
+ql2500-firmware
+aic94xx-firmware
+bfa-firmware
+vconfig
+#default plugins
+ovirt-node-plugin-snmp
+ovirt-node-plugin-cim
diff --git a/rhevh6-post.ks b/rhevh6-post.ks
new file mode 100644
index 0000000..d943575
--- /dev/null
+++ b/rhevh6-post.ks
@@ -0,0 +1,219 @@
+%include version.ks
+
+# add RHEV-H rwtab locations
+mkdir -p /rhev
+cat > /etc/rwtab.d/rhev << EOF_RWTAB_RHEVH
+dirs    /var/db
+EOF_RWTAB_RHEVH
+
+# minimal lsb_release for bz#549147
+cat > /usr/bin/lsb_release <<\EOF_LSB
+#!/bin/sh
+if [ "$1" = "-r" ]; then
+    printf "Release:\t$(cat /etc/rhev-hypervisor-release | awk '{print $7}')\n"
+else
+    echo RedHatEnterpriseVirtualizationHypervisor
+fi
+EOF_LSB
+chmod +x /usr/bin/lsb_release
+
+# CPE name rhbz#593463
+MAJORVER=${VERSION%%.*}
+MINORVER=${VERSION##*.}
+cat > /etc/system-release-cpe <<EOF_CPE
+cpe:/o:redhat:enterprise_linux:${MAJORVER}:update${MINORVER}:hypervisor${TYPE}
+EOF_CPE
+
+echo "Configuring IPTables"
+# here, we need to punch the appropriate holes in the firewall
+cat > /etc/sysconfig/iptables << \EOF
+# oVirt automatically generated firewall configuration
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# libvirt tls
+-A INPUT -p tcp --dport 16514 -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+# guest consoles
+-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
+# migration
+-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
+# snmp
+-A INPUT -p udp --dport 161 -j ACCEPT
+#
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
+COMMIT
+EOF
+# configure IPv6 firewall, default is all ACCEPT
+cat > /etc/sysconfig/ip6tables << \EOF
+# oVirt automatically generated firewall configuration
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p ipv6-icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+# libvirt tls
+-A INPUT -p tcp --dport 16514 -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+# guest consoles
+-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
+# migration
+-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
+# snmp
+-A INPUT -p udp --dport 161 -j ACCEPT
+# unblock ipv6 dhcp response
+-A INPUT -p udp --dport 546 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
+-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp6-adm-prohibited
+COMMIT
+EOF
+
+# remove errors from /sbin/dhclient-script
+DHSCRIPT=/sbin/dhclient-script
+sed -i 's/mv /cp -p /g'  $DHSCRIPT
+sed -i '/rm -f.*${interface}/d' $DHSCRIPT
+sed -i '/rm -f \/etc\/localtime/d' $DHSCRIPT
+sed -i '/rm -f \/etc\/ntp.conf/d' $DHSCRIPT
+sed -i '/rm -f \/etc\/yp.conf/d' $DHSCRIPT
+
+# prevent node from hanging on reboot due to /etc mounts
+patch -d /etc/init.d/ -p0 << \EOF_halt
+--- halt.orig	2009-12-05 00:44:29.000000000 +0000
++++ halt	2010-03-24 18:12:36.000000000 +0000
+@@ -138,7 +138,7 @@
+     $"Unmounting pipe file systems (retry): " \
+     -f
+ 
+-LANG=C __umount_loop '$2 ~ /^\/$|^\/proc|^\/dev/{next}
++LANG=C __umount_loop '$2 ~ /^\/$|^\/proc|^\/etc|^\/dev/{next}
+ 	$3 == "tmpfs" || $3 == "proc" {print $2 ; next}
+ 	/(loopfs|autofs|nfs|cifs|smbfs|ncpfs|sysfs|^none|^\/dev\/ram|^\/dev\/root$)/ {next}
+ 	{print $2}' /proc/mounts \
+EOF_halt
+
+# rhbz#675868
+# Modify rc.sysinit
+patch -d /etc/rc.d -p0 << \EOF_rc_sysinit
+--- rc.sysinit.orig	2012-09-11 09:41:22.545431354 +0530
++++ rc.sysinit	2012-09-11 09:52:59.619523468 +0530
+@@ -43,7 +43,7 @@
+ fi
+ 
+ if [ -n "$SELINUX_STATE" -a -x /sbin/restorecon ] && __fgrep " /dev " /proc/mounts >/dev/null 2>&1 ; then
+-	/sbin/restorecon -R -F /dev 2>/dev/null
++	/sbin/restorecon -e /dev/.initramfs -R /dev 2>/dev/null
+ fi
+ 
+ disable_selinux() {
+@@ -497,9 +497,9 @@
+ # filesystems are NOT unmounted in single user mode.
+ # The 'no' applies to all listed filesystem types. See mount(8).
+ if [ "$READONLY" != "yes" ] ; then
+-	action $"Mounting local filesystems: " mount -a -t nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2 -O no_netdev
++	action $"Mounting local filesystems: " mount -a -t nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2,noproc,nosysfs,nodevpts -O no_netdev
+ else
+-	action $"Mounting local filesystems: " mount -a -n -t nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2 -O no_netdev
++	action $"Mounting local filesystems: " mount -a -n -t nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2,noproc,nosysfs,nodevpts -O no_netdev
+ fi
+
+ # Update quotas if necessary
+EOF_rc_sysinit
+
+# rhbz#675868
+# Modify start_udev
+patch -d /sbin -p0 << \EOF_start_udev
+--- start_udev.orig	2011-03-30 12:32:03.000000000 +0000
++++ start_udev	2011-09-02 17:16:57.954610422 +0000
+@@ -121,7 +121,7 @@
+ 	#/bin/chown root:root /dev/fuse
+ 
+ 	if [ -x /sbin/restorecon ]; then
+-		/sbin/restorecon -R /dev
++		/sbin/restorecon -e /dev/.initramfs -R /dev
+ 	fi
+ 
+ 	if [ -x "$MAKEDEV" ]; then
+EOF_start_udev
+
+# rhbz#734478 add virt-who (*.py are removed in rhevh image)
+cat > /usr/bin/virt-who <<EOF_virt_who
+#!/bin/sh
+exec /usr/bin/python /usr/share/virt-who/virt-who.pyc "\$@"
+EOF_virt_who
+
+# set maxlogins to 3
+echo "*        -       maxlogins      3" >> /etc/security/limits.conf
+
+# rhbz#738170
+patch -d /sbin -p0 << \EOF_mkdumprd
+--- /sbin/mkdumprd.orig	2011-10-06 06:37:49.000000000 +0000
++++ /sbin/mkdumprd	2011-11-01 04:21:19.000000000 +0000
+@@ -583,7 +583,7 @@
+         eth*.*)
+             modalias=8021q
+             ;;
+-        br*)
++        rhevm|br*)
+             modalias=bridge
+             ;;
+         *)
+@@ -756,7 +756,7 @@
+             echo >> $MNTIMAGE/etc/ifcfg-$dev
+             echo "BUS_ID=\"Bonding\"" >> $MNTIMAGE/etc/ifcfg-$dev
+             ;;
+-	br*)
++	rhevm|br*)
+             for j in `ls /sys/class/net/$dev/brif`
+             do
+                 handlenetdev $j
+
+EOF_mkdumprd
+
+patch -d /etc/init.d -p0 << \EOF_functions
+--- functions.orig	2014-01-03 21:22:50.061036793 -0500
++++ functions	2014-01-03 21:22:06.169959322 -0500
+@@ -91,9 +91,9 @@
+	remaining=$(LC_ALL=C awk "/^#/ {next} $1" "$2" | sort -r)
+	while [ -n "$remaining" -a "$retry" -gt 0 ]; do
+		if [ "$retry" -eq 3 ]; then
+-			action "$3" fstab-decode umount $remaining
++			action "$3" fstab-decode umount -n $remaining
+		else
+-			action "$4" fstab-decode umount $5 $remaining
++			action "$4" fstab-decode umount -n $5 $remaining
+		fi
+		count=4
+		remaining=$(LC_ALL=C awk "/^#/ {next} $1" "$2" | sort -r)
+EOF_functions
+
+patch -d /sbin -p0 << \EOF_mkdumprd
+--- mkdumprd.orig	2014-01-16 08:57:48.002090191 -0500
++++ mkdumprd	2014-01-16 08:58:29.419306913 -0500
+@@ -3634,7 +3634,7 @@
+                         #test nfs mount and directory creation
+                         rlocation=`echo $DUMP_TARGET | sed 's/.*:/'"$remoteip"':/'`
+                         tmnt=`mktemp -dq`
+-                        kdump_chk "mount -t $USING_METHOD -o nolock -o tcp $rlocation $tmnt" \
++                        kdump_chk "mount -n -t $USING_METHOD -o nolock -o tcp $rlocation $tmnt" \
+                                    "Bad NFS mount $DUMP_TARGET"
+                         kdump_chk "mkdir -p $tmnt/$SAVE_PATH" "Read only NFS mount $DUMP_TARGET"
+                         kdump_chk "touch $tmnt/$SAVE_PATH/testfile" "Read only NFS mount $DUMP_TARGET"
+@@ -3645,7 +3645,7 @@
+                         available_size=$(df -P $tdir | tail -1 | tr -s ' ' ':' | cut -d: -f5)
+ 
+                         rm -rf $tdir
+-                        umount -f $tmnt
++                        umount -n -f $tmnt
+                         if [ $? != 0 ]; then
+                             rmdir $tmnt
+                             echo "Cannot unmount the temporary directory"
+EOF_mkdumprd
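Review bot: None of the six `patch` invocations in this hunk checks its exit status, so if a target file in the image has drifted from the embedded context (for example `halt` around line 138 or `mkdumprd` around line 3634), the change is rejected and the build carries on with the unpatched script. Several of these patches alter mount and SELinux relabel behaviour at boot and shutdown, so a silent miss is hard to notice afterwards. I would append a check to each invocation, e.g. `patch -d /sbin -p0 << \EOF_start_udev || { echo "start_udev patch failed" >&2; exit 1; }`, and confirm that the enclosing `%post`, whose header is outside this hunk, is declared so that a non-zero exit fails the build. Separately, `/usr/bin/virt-who` is written without the `chmod +x` that `/usr/bin/lsb_release` gets, so it relies on the file already existing with the executable bit set.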
diff --git a/rhevh7-install.ks b/rhevh7-install.ks
new file mode 100644
index 0000000..a97b4a5
--- /dev/null
+++ b/rhevh7-install.ks
@@ -0,0 +1,3 @@
+services --enabled=auditd,ntpd,ntpdate,iptables,network,rsyslog,multipathd,snmpd,ovirt-early,ovirt-post,ovirt-cim,cgconfig,mcelog,tuned --disabled=netfs,ovirt-awake,libvirt-guests,libvirtd,kdump
+
+
diff --git a/rhevh7-minimizer.ks b/rhevh7-minimizer.ks
new file mode 100644
index 0000000..e2ef3cb
--- /dev/null
+++ b/rhevh7-minimizer.ks
@@ -0,0 +1,7 @@
+# RHEL specific image minimization
+droprpm cvs
+droprpm gettext
+droprpm hesiod
+droprpm procmail
+droprpm sendmail
+drop /etc/rc.d/init.d/libvirt-guests
diff --git a/rhevh7-pkgs.ks b/rhevh7-pkgs.ks
new file mode 100644
index 0000000..6ea8ed6
--- /dev/null
+++ b/rhevh7-pkgs.ks
@@ -0,0 +1,18 @@
+# remove
+
+# rhbz#641494 RFE - add libguestfs
+libguestfs-winsupport
+
+ltrace
+vhostmd
+firewalld
+
+# keyboard layout
+system-config-keyboard-base
+
+# firmware
+linux-firmware
+
+#default plugins
+ovirt-node-plugin-snmp
+ovirt-node-plugin-cim
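Review bot: `firewalld` is added to the package list here, while rhevh7-install.ks in this same change enables the `iptables` service and does not list firewalld under `--disabled=`. If both units end up enabled on the image, which ruleset is active after boot is decided by service conflict handling rather than by this kickstart, so the hypervisor's filtering policy is not pinned down by the build. Make the intended firewall manager explicit: either drop `firewalld` from this list or add it to `--disabled=` in rhevh7-install.ks. A comment above the entry stating why the package is installed would record the decision, e.g. `# firewalld: installed for <reason>, service disabled in rhevh7-install.ks`.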
diff --git a/rhevh7-post.ks b/rhevh7-post.ks
new file mode 100644
index 0000000..d3193a3
--- /dev/null
+++ b/rhevh7-post.ks
@@ -0,0 +1,42 @@
+%include version.ks
+
+# add RHEV-H rwtab locations
+mkdir -p /rhev
+cat > /etc/rwtab.d/rhev << EOF_RWTAB_RHEVH
+dirs    /var/db
+EOF_RWTAB_RHEVH
+
+# minimal lsb_release for bz#549147
+cat > /usr/bin/lsb_release <<\EOF_LSB
+#!/bin/sh
+if [ "$1" = "-r" ]; then
+    printf "Release:\t$(cat /etc/rhev-hypervisor-release | awk '{print $7}')\n"
+else
+    echo RedHatEnterpriseVirtualizationHypervisor
+fi
+EOF_LSB
+chmod +x /usr/bin/lsb_release
+
+# CPE name rhbz#593463
+MAJORVER=${VERSION%%.*}
+MINORVER=${VERSION##*.}
+cat > /etc/system-release-cpe <<EOF_CPE
+cpe:/o:redhat:enterprise_linux:${MAJORVER}:update${MINORVER}:hypervisor${TYPE}
+EOF_CPE
+
+# remove errors from /sbin/dhclient-script
+DHSCRIPT=/sbin/dhclient-script
+sed -i 's/mv /cp -p /g'  $DHSCRIPT
+sed -i '/rm -f.*${interface}/d' $DHSCRIPT
+sed -i '/rm -f \/etc\/localtime/d' $DHSCRIPT
+sed -i '/rm -f \/etc\/ntp.conf/d' $DHSCRIPT
+sed -i '/rm -f \/etc\/yp.conf/d' $DHSCRIPT
+
+# rhbz#734478 add virt-who (*.py are removed in rhevh image)
+cat > /usr/bin/virt-who <<EOF_virt_who
+#!/bin/sh
+exec /usr/bin/python /usr/share/virt-who/virt-who.pyc "\$@"
+EOF_virt_who
+
+# set maxlogins to 3
+echo "*        -       maxlogins      3" >> /etc/security/limits.conf
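Review bot: The CPE name written to /etc/system-release-cpe is built from `VERSION`, and `${VERSION##*.}` keeps only the last dot-separated field. With the version.ks added in this same change (`VERSION=3.1.0`, no `TYPE`), the line would expand to `cpe:/o:redhat:enterprise_linux:3:update0:hypervisor`, assuming that file is the one the build includes. Tools that match vulnerability or compliance content against the CPE would then evaluate the image as a different platform release than the one it is built from. If version.ks is meant to be replaced at build time, say so next to the assignment, e.g. `# VERSION must be the RHEL base release in X.Y form; TYPE may be empty`. Otherwise derive the two fields from the base OS release rather than from the product version.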
diff --git a/version.ks b/version.ks
new file mode 100644
index 0000000..921b686
--- /dev/null
+++ b/version.ks
@@ -0,0 +1,5 @@
+PRODUCT='oVirt Node Hypervisor'
+PRODUCT_SHORT='oVirt Node Hypervisor'
+PACKAGE=ovirt-node-iso
+VERSION=3.1.0
+RELEASE=0.999.201403111051.fc20


-- 
To view, visit http://gerrit.ovirt.org/27162

Gerrit-MessageType: newchange
Gerrit-Change-Id: I97e6c539409fec44afac990daae04ef00f116573
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node-iso
Gerrit-Branch: master
Gerrit-Owner: Ryan Barry <rbarry at redhat.com>


