In cloud Images we do this becaue it's generally accepted that
in a cloud environment there are higher level firewall constructs
(i.e. security groups).
This bit was cargo culted from the old school Fedora Cloud image, but we have
also been using `net.ifnames=0` on the kernel command line, which ensures that
we get `eth0` as "the" NIC name. (There's a huge amount of history behind
this and I'm not trying to change that behavior here)
The problem is that those udev rules do *other* things that we do want, such as
ensure that `veth` devices get `NM_CONTROLLED=no`. Without that e.g.
NetworkManager might try to do DHCP on those devices, which is at best slow
since they appear and disappear frequently, and at worst risks the host network
configuration.
For more information, see [RH bz#1503347](https://bugzilla.redhat.com/show_bug.cgi?id=1503347)
Signed-off-by: Colin Walters <walters@verbum.org>
We don't include firstboot in AH, we use cloud-init, so nothing
is ever going to parse this. Drop it, since it shows up as a delta
in `ostree admin config-diff`, and further we want to reduce the
amount of stuff in this ks.
Signed-off-by: Colin Walters <walters@verbum.org>
The `setup` package has this same content, let's not duplicate it. The only
difference between them today is trailing whitespace in our version.
Just trying to reduce the amount of stuff we do here to avoid deltas with bare
metal installs, containers, etc.
Signed-off-by: Colin Walters <walters@verbum.org>
While booting Atomic cloudImage, we want to see kernel messages
on both VGA and serial console. It works fine with
tty1(vga console) and ttyS0(serial console) on x86_64 arch.
But, aarch64 and ppc64le doesn't use ttyS0 as serial console.
Instead, they use ttyAMA0(aarch64) and hvc0 (ppc64le).
Also, good point is that if a serial console specified in kernel
boot parameter is not supported on a given hardware platform, it
gets ignored. For example: console=ttyAMA0 and console=hvc0 will
get ignored on x86_64
Fixes: https://pagure.io/atomic-wg/issue/347
Signed-off-by: Sinny Kumari <sinny@redhat.com>
Building Fedora Atomic CloudImage on architectures like
aarch64 and ppc64le needs platform specific partitions as well.
Issue - https://pagure.io/atomic-wg/issue/299#comment-449243
Signed-off-by: Sinny Kumari <sinny@redhat.com>
See https://pagure.io/atomic-wg/issue/281
This causes us to match the productimg setup. At some point hopefully we can use
`autopart` and not duplicate it.
This reverts commit 295519948bf7fb0b64cd5071b4e25d50efb8ef01.
Now that the upstream fix [1] has been merged and a new version of
anaconda is in rawhide, we can revert this workaround.
[1] https://github.com/rhinstaller/anaconda/pull/1126
Taking the first step towards enabling gpg verification for our
users we'll make it so that the media they download will verify
gpg signatures of commits by default.
The next step is to enable gpg verification during install as well
but there is a race condition where the commit that was just created
might not yet be signed. See [1] for more details.
[1] https://pagure.io/pungi/issue/650
a59dfe5 caused us a few problems:
- sed was breaking the symlink on atomic systems
- /boot/grub2/grub.cfg is not the right file on a UEFI system
- etc..
We'll solve this problem a different way by just not installing
plymouth in our systems, which is another way [1] to make sure
rhgb/quiet don't appear on your kernel command line.
[1] ee91db6fa3/pyanaconda/payload/__init__.py (L722-L726)
similar change was done for docker/cloud in f6ecdc3
cmdline makes it so that %post --erroronfail won't actually stop the
installation in a way that imagefactory will detect the problem and
fail the build. See [1] for more details.
[1] https://github.com/rhinstaller/anaconda/issues/931
Update the trac link to point to the pagure issue. Also
we don't actually want to enable legacy network service.
This was also reverted for f25 in 6f3661e.
* removes the extra ens3 ifcfg that seems to be added
by dracut at some point (cloud base did this in their
ks a year ago in c509863)
* adds net.ifnames=0 to the bootloader line, because
that seems to be necessary to actually disable consistent
device naming
* enables the network service
see https://pagure.io/atomic-wg/issue/174
(cherry picked from commit 5d987e82b3cbe6b6d53871b0652e291ceb1f7e86)
Anaconda is writing an /etc/resolv.conf from the install environment.
The system should start out with an empty file, otherwise cloud-init
will try to use this information and may error:
https://bugs.launchpad.net/cloud-init/+bug/1670052
Due to #1369794 , anaconda cannot currently manipulate sysv
services in F25+. So to work around this, take 'network' out of
the services lines in all kickstarts and instead manipulate
it in the %post section, with chkconfig.
Also remove rsyslog from the Atomic image services line because
it doesn't appear to be included in the OStree tree at present
and so attempting to enable the service breaks Atomic image
compose, see e.g.:
https://kojipkgs.fedoraproject.org//work/tasks/9022/15349022/oz-x86_64.log
also correct the name of the ssh service in fedora-arm-base.ks;
it's sshd not ssh.