onode的kickstart配置-bigluo-ChinaUnix博客

Linux is Powerbigluo.blog.chinaunix.net

首页　| 　博文目录　| 　关于我

bigluo

博客访问： 1401864
博文数量： 343
博客积分： 13098
博客等级：上将
技术积分： 2862
用户组：普通用户
注册时间： 2005-07-06 00:35

文章分类

全部博文（343）

Web Development（2）
Python & Perl（35）
Operating System（8）
Visualization Te（106）
Miscellaneous（10）
Google Android（15）
Motorola EzX（6）
Linux Memory Mgm（10）
Embedded Develop（31）

Embedded Toolcha（5）

Embedded Linux O（9）

Embedded Java（0）

Embedded Hardwar（3）

Embedded Databas（2）

Embedded Browser（0）

Embedded UI Fram（9）

Embedded Multime（3）
C++ Programming（36）
Linux System Adm（76）
Secure Programmi（5）
未分配的博文（3）

文章存档

2012年（131）

2011年（31）

2010年（53）

2009年（23）

2008年（62）

2007年（2）

2006年（36）

2005年（5）

我的朋友

相关博文

onode的kickstart配置

分类：虚拟化

2012-08-06 01:42:33

把node 2.5的kickstart文件dump出来了，后面会分析下：

repo --name=local --baseurl=file:///root/ovirt/ovirt-cache/ovirt
#version=DEVEL
# Firewall configuration
firewall --disabled
repo --name="f17" --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-17&arch=x86_64
repo --name="f17-updates" --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f17&arch=x86_64
repo --name="ovirt-stable-repo" --baseurl=http://ovirt.org/releases/stable/rpm/Fedora/17
device virtio_blk
device virtio_pci
device scsi_wait_scan
device dm-multipath
device dm-round-robin
device dm-emc
device dm-rdac
device dm-hp-sw
device scsi_dh_rdac
device 3w-9xxx
device 3w-sas
device 3w-xxxx
device a100u2w
device aacraid
device aic79xx
device aic94xx
device arcmsr
device atp870u
device be2iscsi
device bfa
device BusLogic
device cciss
device cxgb3i
device dc395x
device fnic
device gdth
device hpsa
device hptiop
device imm
device initio
device ips
device libosd
device libsas
device libsrp
device lpfc
device megaraid
device megaraid_mbox
device megaraid_mm
device megaraid_sas
device mpt2sas
device mvsas
device osd
device osst
device pm8001
device pmcraid
device qla1280
device qla2xxx
device qla4xxx
device qlogicfas408
device stex
device tmscsim
device ums-sddr09
device ums-realtek
device ums-sddr55
device ums-isd200
device ums-alauda
device ums-freecom
device ums-cypress
device ums-jumpshot
device ums-onetouch
device ums-karma
device ums-usbat
device ums-datafab
device ums-eneub6250
# System authorization information
auth --useshadow --enablemd5
# System keyboard
keyboard us
# System language
lang en_US.UTF-8
# SELinux configuration
selinux --disabled
# Installation logging level
logging --level=info
# System services
services --enabled="auditd,ntpd,ntpdate,iptables,network,rsyslog,multipathd,snmpd,ovirt-early,ovirt,ovirt-post,ovirt-cim,anyterm,collectd,libvirtd,cgconfig"
# System timezone
timezone --isUtc UTC
# System bootloader configuration
bootloader --append="check rootflags=ro crashkernel=512M-2G:64M,2G-:128M elevator=deadline install quiet rd_NO_LVM" --location=mbr --timeout=30
# Disk partitioning information
part / --fstype="ext2" --size=1280
%post
echo "Starting Kickstart Post"
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
# cleanup rpmdb to allow non-matching host and chroot RPM versions
rm -f /var/lib/rpm/__db*
echo "Creating shadow files"
# because we aren't installing authconfig, we aren't setting up shadow
# and gshadow properly. Do it by hand here
pwconv
grpconv
echo "Lock root account"
passwd -l root
# set SELinux booleans
# rhbz#502779 restrict certain memory protection operations
# keep allow_execmem on for grub
# rhbz#642209 allow virt images on NFS
semanage boolean -m -S targeted -F /dev/stdin << \EOF_semanage
allow_execstack=0
virt_use_nfs=1
EOF_semanage
# make sure we don't autostart virbr0 on libvirtd startup
rm -f /etc/libvirt/qemu/networks/autostart/default.xml
# rhevh uses libvirtd upstart job, sysv initscript must not interfere
rm -f /etc/rc.d/init.d/libvirtd
# remove the /etc/krb5.conf file; it will be fetched on bootup
rm -f /etc/krb5.conf
# Remove the default logrotate daily cron job
# since we run it every 10 minutes instead.
rm -f /etc/cron.daily/logrotate
# root's bash profile
cat >> /root/.bashrc << \EOF_bashrc
# aliases used for the temporary
function mod_vi() {
/bin/vi $@
restorecon -v $@ >/dev/null 2>&1
}
function mod_yum() {
if [ "$1" == "--force" ]; then
echo $@ > /dev/null
shift
/usr/bin/yum $@
else
printf "\nUsing yum is not supported\n\n"
fi
}
alias ping='ping -c 3'
alias yum="mod_yum"
export MALLOC_CHECK_=1
export LVM_SUPPRESS_FD_WARNINGS=0
EOF_bashrc
# directories required in the image with the correct perms
# config persistance currently handles only regular files
mkdir -p /root/.ssh
chmod 700 /root/.ssh
mkdir -p /boot
mkdir -p /boot-kdump
mkdir -p /config
mkdir -p /data
mkdir -p /data2
mkdir -p /live
mkdir -p /liveos
mkdir -p /root/.uml
mkdir -p /var/cache/multipathd
touch /var/lib/random-seed
echo "/dev/HostVG/Config /config ext4 defaults,noauto,noatime 0 0" >> /etc/fstab
# Create wwids file to prevent an error on boot, rhbz #805570
mkdir -p /etc/multipath
touch /etc/multipath/wwids
chmod 0600 /etc/multipath/wwids
# prepare for STATE_MOUNT in rc.sysinit
augtool << \EOF_readonly-root
set /files/etc/sysconfig/readonly-root/STATE_LABEL CONFIG
set /files/etc/sysconfig/readonly-root/STATE_MOUNT /config
set /files/etc/sysconfig/readonly-root/READONLY yes
save
EOF_readonly-root
# comment out /etc/* entries in rwtab to prevent overlapping mounts
sed -i '/^files \/etc*/ s/^/#/' /etc/rwtab
cat > /etc/rwtab.d/ovirt << \EOF_rwtab_ovirt
files /etc
dirs /var/lib/multipath
dirs /var/lib/net-snmp
dirs /var/lib/dnsmasq
files /root/.ssh
dirs /root/.uml
dirs /root/.virt-manager
dirs /home/admin/.virt-manager
files /var/cache/libvirt
files /var/empty/sshd/etc/localtime
files /var/lib/libvirt
files /var/lib/multipath
files /var/cache/multipathd
empty /mnt
empty /live
files /boot
empty /boot-kdump
empty /cgroup
files /var/lib/yum
files /var/cache/yum
EOF_rwtab_ovirt
# fix iSCSI/LVM startup issue
sed -i 's/node\.session\.initial_login_retry_max.*/node.session.initial_login_retry_max = 60/' /etc/iscsi/iscsid.conf
#lvm.conf should use /dev/mapper and /dev/sdX devices
# and not /dev/dm-X devices
sed -i 's/preferred_names = \[ "^\/dev\/mpath\/", "^\/dev\/mapper\/mpath", "^\/dev\/\[hs\]d" \]/preferred_names = \[ "^\/dev\/mapper", "^\/dev\/\[hsv\]d" \]/g' /etc/lvm/lvm.conf
# unset AUDITD_LANG to prevent boot errors
sed -i '/^AUDITD_LANG*/ s/^/#/' /etc/sysconfig/auditd
# kdump configuration
augtool << \EOF_kdump
set /files/etc/sysconfig/kdump/KDUMP_BOOTDIR /boot-kdump
set /files/etc/sysconfig/kdump/MKDUMPRD_ARGS --allow-missing
save
EOF_kdump
cat > /etc/snmp/snmpd.conf << \EOF_snmpd
master agentx
dontLogTCPWrappersConnects yes
rwuser root auth .1
EOF_snmpd
# add admin user for configuration ui
useradd admin
usermod -G wheel admin
usermod -s /usr/libexec/ovirt-admin-shell admin
echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
# load modules required by crypto swap
cat > /etc/sysconfig/modules/swap-crypt.modules << \EOF_swap-crypt
#!/bin/sh
modprobe aes >/dev/null 2>&1
modprobe dm_mod >/dev/null 2>&1
modprobe dm_crypt >/dev/null 2>&1
modprobe cryptoloop >/dev/null 2>&1
modprobe cbc >/dev/null 2>&1
modprobe sha256 >/dev/null 2>&1
EOF_swap-crypt
chmod +x /etc/sysconfig/modules/swap-crypt.modules
#strip out all unncesssary locales
localedef --list-archive | grep -v -i -E 'en_US.utf8' |xargs localedef --delete-from-archive
mv /usr/lib/locale/locale-archive /usr/lib/locale/locale-archive.tmpl
/usr/sbin/build-locale-archive
# use static RPC ports, to avoid collisions
augtool << \EOF_nfs
set /files/etc/sysconfig/nfs/RQUOTAD_PORT 875
set /files/etc/sysconfig/nfs/LOCKD_TCPPORT 32803
set /files/etc/sysconfig/nfs/LOCKD_UDPPORT 32769
set /files/etc/sysconfig/nfs/MOUNTD_PORT 892
set /files/etc/sysconfig/nfs/STATD_PORT 662
set /files/etc/sysconfig/nfs/STATD_OUTGOING_PORT 2020
save
EOF_nfs
# sosreport fixups for node image:
# use .pyc for plugins enumeration, .py is blacklisted
# include *-release
patch --fuzz 3 -d /usr/lib/python2.*/site-packages/sos -p0 << \EOF_sos_patch
--- sosreport.py.orig 2011-04-07 11:51:40.000000000 +0000
+++ sosreport.py 2011-07-06 13:26:44.000000000 +0000
@@ -428,8 +428,8 @@
# validate and load plugins
for plug in plugins:
- plugbase = plug[:-3]
- if not plug[-3:] == '.py' or plugbase == "__init__":
+ plugbase = plug[:-4]
+ if not plug[-4:] == '.pyc' or plugbase == "__init__":
continue
try:
if GlobalVars.policy.validatePlugin(pluginpath + plug):
--- plugins/general.py.orig 2011-02-09 15:25:48.000000000 +0000
+++ plugins/general.py 2011-07-06 23:13:32.000000000 +0000
@@ -25,8 +25,7 @@
("all_logs", "collect all log files defined in syslog.conf", "", False)]
def setup(self):
- self.addCopySpec("/etc/redhat-release")
- self.addCopySpec("/etc/fedora-release")
+ self.addCopySpec("/etc/*-release")
self.addCopySpec("/etc/inittab")
self.addCopySpec("/etc/sos.conf")
self.addCopySpec("/etc/sysconfig")
EOF_sos_patch
python -m compileall /usr/lib/python2.*/site-packages/sos
# XXX someting is wrong with readonly-root and dracut
# see modules.d/95rootfs-block/mount-root.sh
sed -i "s/defaults,noatime/defaults,ro,noatime/g" /etc/fstab
echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
#mount kernel debugfs
echo "debugfs /sys/kernel/debug debugfs auto 0 0" >> /etc/fstab
# create .virt-manager directories for readonly root
mkdir -p /root/.virt-manager /home/admin/.virt-manager
#symlink virt-manager-tui pointer file to .pyc version
sed -i "s/tui.py/tui.pyc/g" /usr/bin/virt-manager-tui
#symlink ovirt-config-setup into $PATH
ln -s /usr/libexec/ovirt-config-setup /usr/sbin/setup
#set NETWORKING off by default
augtool << \EOF_NETWORKING
set /files/etc/sysconfig/network/NETWORKING no
save
EOF_NETWORKING
# disable SSH password auth by default
# set ssh timeouts for increased security
augtool << \EOF_sshd_config
set /files/etc/ssh/sshd_config/PasswordAuthentication no
set /files/etc/ssh/sshd_config/ClientAliveInterval 900
set /files/etc/ssh/sshd_config/ClientAliveCountMax 0
save
EOF_sshd_config
#CIM related changes
# set read-only
echo "readonly = true;" > /etc/libvirt-cim.conf
useradd -G sfcb cim
# disable yum repos by default
augtool << \EOF_yum
set /files/etc/yum.repos.d/fedora.repo/fedora/enabled 0
set /files/etc/yum.repos.d/fedora-updates.repo/updates/enabled 0
save
EOF_yum
touch /etc/resolv.conf
# set up qemu daemon to allow outside VNC connections
sed -i -e 's/^[[:space:]]*#[[:space:]]*$vnc_listen = "0.0.0.0"$.*/\1/' \
/etc/libvirt/qemu.conf
# disable mdns/avahi
sed -i -e 's/^[[:space:]]*#[[:space:]]*$mdns_adv = 0$.*/\1/' \
/etc/libvirt/qemu.conf
#ovirt_setup_anyterm()
# configure anyterm
cat >> /etc/sysconfig/anyterm << \EOF_anyterm
ANYTERM_CMD="sudo /usr/bin/virsh console %p"
ANYTERM_LOCAL_ONLY=false
EOF_anyterm
# permit it to run the virsh console
echo "anyterm ALL=NOPASSWD: /usr/bin/virsh console *" >> /etc/sudoers
# systemd configuration
# set default runlevel to multi-user(3)
rm -rf /etc/systemd/system/default.target
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
systemctl enable ovirt-firstboot.service >/dev/null 2>&1
echo "Configuring IPTables"
# here, we need to punch the appropriate holes in the firewall
cat > /etc/sysconfig/iptables << \EOF
# oVirt automatically generated firewall configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
#vdsm
-A INPUT -p tcp --dport 54321 -j ACCEPT
# SSH
-A INPUT -p tcp --dport 22 -j ACCEPT
# guest consoles
-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
# migration
-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
# snmp
-A INPUT -p udp --dport 161 -j ACCEPT
#
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
# configure IPv6 firewall, default is all ACCEPT
cat > /etc/sysconfig/ip6tables << \EOF
# oVirt automatically generated firewall configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# SSH
-A INPUT -p tcp --dport 22 -j ACCEPT
# guest consoles
-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
# migration
-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
# snmp
-A INPUT -p udp --dport 161 -j ACCEPT
# unblock ipv6 dhcp response
-A INPUT -p udp --dport 546 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
EOF
python -m compileall /usr/share/virt-manager
echo "Configuring SELinux"
# custom module for node specific rules
mkdir /tmp/SELinux
cd /tmp/SELinux
cat > ovirt.te << \EOF_OVIRT_TE
module ovirt 1.0;
require {
type initrc_t;
type initrc_tmp_t;
type mount_t;
type setfiles_t;
type shadow_t;
type unconfined_t;
type passwd_t;
type user_tmp_t;
type var_log_t;
type consoletype_t;
type net_conf_t;
type collectd_t;
type virt_etc_t;
type loadkeys_t;
type initrc_tmp_t;
class file { append mounton open getattr read execute ioctl lock entrypoint write };
class fd { use };
class process { sigchld signull transition noatsecure siginh rlimitinh getattr };
class fifo_file { getattr open read write append lock ioctl };
class filesystem getattr;
class dir { getattr search open read lock ioctl };
class socket { read write };
class tcp_socket { read write };
class udp_socket { read write };
class rawip_socket { read write };
class netlink_socket { read write };
class packet_socket { read write };
class unix_stream_socket { read write create ioctl getattr lock setattr append bind connect getopt setopt shutdown connectto };
class unix_dgram_socket { read write };
class appletalk_socket { read write };
class netlink_route_socket { read write };
class netlink_firewall_socket { read write };
class netlink_tcpdiag_socket { read write };
class netlink_nflog_socket { read write };
class netlink_xfrm_socket { read write };
class netlink_selinux_socket { read write };
class netlink_audit_socket { read write };
class netlink_ip6fw_socket { read write };
class netlink_dnrt_socket { read write };
class netlink_kobject_uevent_socket { read write };
class tun_socket { read write };
class chr_file { getattr read write append ioctl lock open };
class lnk_file { getattr read };
class sock_file { getattr write open append };
}
allow mount_t shadow_t:file mounton;
allow setfiles_t initrc_tmp_t:file append;
allow setfiles_t net_conf_t:file read;
allow consoletype_t var_log_t:file append;
allow passwd_t user_tmp_t:file write;
# Unknown on F17 brctl_t:
#allow brctl_t net_conf_t:file read;
# Suppose because of collectd libvirt plugin
allow collectd_t virt_etc_t:file read;
# Suppose because etc is on tmpfs
allow loadkeys_t initrc_tmp_t:file read;
type ovirt_exec_t;
init_daemon_domain(unconfined_t,ovirt_exec_t)
EOF_OVIRT_TE
cat > ovirt.fc << \EOF_OVIRT_FC
/etc/rc\.d/init\.d/ovirt-firstboot -- gen_context(system_u:object_r:ovirt_exec_t)
/etc/rc\.d/init\.d/ovirt-post -- gen_context(system_u:object_r:ovirt_exec_t)
EOF_OVIRT_FC
make NAME=targeted -f /usr/share/selinux/devel/Makefile
semodule -v -i ovirt.pp
cd /
rm -rf /tmp/SELinux
echo "-w /etc/shadow -p wa" >> /etc/audit/audit.rules
# Workaround for vdsm needing /etc/ovirt-node-image-release
ln -s /etc/system-release /etc/ovirt-node-image-release
%end
%post --nochroot
PRODUCT='oVirt Node Hypervisor'
PRODUCT_SHORT='oVirt Node Hypervisor'
PACKAGE=ovirt-node-iso
VERSION=2.5.0
RELEASE=999.100000.fc17
if [ -f "ovirt-authorized_keys" ]; then
echo "Adding authorized_keys to Image"
mkdir -p $INSTALL_ROOT/root/.ssh
cp -v ovirt-authorized_keys $INSTALL_ROOT/root/.ssh/authorized_keys
chown -R root:root $INSTALL_ROOT/root/.ssh
chmod 755 $INSTALL_ROOT/root/.ssh
chmod 644 $INSTALL_ROOT/root/.ssh/authorized_keys
fi
echo "Fixing boot menu"
# remove quiet from Node bootparams, added by livecd-creator
sed -i -e 's/ quiet//' $LIVE_ROOT/isolinux/isolinux.cfg
# Remove Verify and Boot option
sed -i -e '/label check0/{N;N;N;d;}' $LIVE_ROOT/isolinux/isolinux.cfg
# Rename Boot option to Install or Upgrade
sed -i 's/^ menu label Boot$/ menu label Install or Upgrade/' $LIVE_ROOT/isolinux/isolinux.cfg
# add serial console boot entry
menu=$(mktemp)
awk '
/^label linux0/ { linux0=1 }
linux0==1 && $1=="append" {
append0=$0
}
linux0==1 && $1=="label" && $2!="linux0" {
linux0=2
print "label install (basic video)"
print " menu label Install (Basic Video)"
print " kernel vmlinuz0"
print append0" nomodeset "
print "label serial-console"
print " menu label Install or Upgrade with serial console"
print " kernel vmlinuz0"
print append0" console=ttyS0,115200n8 "
print "label reinstall"
print " menu label Reinstall"
print " kernel vmlinuz0"
print append0" reinstall "
print "label reinstall (basic video)"
print " menu label Reinstall (Basic Video)"
print " kernel vmlinuz0"
print append0" reinstall nomodeset "
print "label reinstall-serial"
print " menu label Reinstall with serial console"
print " kernel vmlinuz0"
print append0" reinstall console=ttyS0,115200n8 "
print "label uninstall"
print " menu label Uninstall"
print " kernel vmlinuz0"
print append0" uninstall "
}
{ print }
' $LIVE_ROOT/isolinux/isolinux.cfg > $menu
# change the title
sed -i -e '/^menu title/d' $menu
echo "say This is the $PRODUCT $VERSION ($RELEASE)" > $LIVE_ROOT/isolinux/isolinux.cfg
echo "menu title ${PRODUCT_SHORT} $VERSION ($RELEASE)" >> $LIVE_ROOT/isolinux/isolinux.cfg
cat $menu >> $LIVE_ROOT/isolinux/isolinux.cfg
rm $menu
cp $INSTALL_ROOT/usr/share/ovirt-node/syslinux-vesa-splash.jpg $LIVE_ROOT/isolinux/splash.jpg
# store image version info in the ISO and rootfs
cat > $LIVE_ROOT/isolinux/version <<EOF
PRODUCT='$PRODUCT'
PRODUCT_SHORT='${PRODUCT_SHORT}'
PRODUCT_CODE=$PRODUCT_CODE
RECIPE_SHA256=$RECIPE_SHA256
RECIPE_RPM=$RECIPE_RPM
PACKAGE=$PACKAGE
VERSION=$VERSION
RELEASE=$RELEASE
EOF
cp $LIVE_ROOT/isolinux/version $INSTALL_ROOT/etc/default/
# overwrite user visible banners with the image versioning info
cat > $INSTALL_ROOT/etc/$PACKAGE-release <<EOF
$PRODUCT release $VERSION ($RELEASE)
EOF
ln -snf $PACKAGE-release $INSTALL_ROOT/etc/redhat-release
ln -snf $PACKAGE-release $INSTALL_ROOT/etc/system-release
cp $INSTALL_ROOT/etc/$PACKAGE-release $INSTALL_ROOT/etc/issue
echo "Kernel \r on an \m (\l)" >> $INSTALL_ROOT/etc/issue
cp $INSTALL_ROOT/etc/issue $INSTALL_ROOT/etc/issue.net
NAME=$(grep CDLABEL $LIVE_ROOT/isolinux/isolinux.cfg |head -n1|sed -r 's/^.*CDLABEL\=([a-zA-Z0-9_\.-]+) .*$/\1/g')
#setup efi boot menu
cat > $LIVE_ROOT/EFI/BOOT/BOOTX64.conf <<EOF
default=0
splashimage=/EFI/BOOT/splash.xpm.gz
timeout 30
hiddenmenu
title Install or Upgrade
kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=512M-2G:64M,2G-:128M elevator=deadline install quiet rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0
initrd /isolinux/initrd0.img
title Install or Upgrade (Basic Video)
kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=512M-2G:64M,2G-:128M elevator=deadline install quiet rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0
initrd /isolinux/initrd0.img
title Install or Upgrade with serial console
kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=512M-2G:64M,2G-:128M elevator=deadline install quiet rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0 console=ttyS0,115200n8
initrd /isolinux/initrd0.img
title Reinstall
kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=512M-2G:64M,2G-:128M elevator=deadline install quiet rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0 reinstall
initrd /isolinux/initrd0.img
title Reinstall (Basic Video)
kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=512M-2G:64M,2G-:128M elevator=deadline install quiet rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0 reinstall
initrd /isolinux/initrd0.img
title Reinstall with serial console
kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=512M-2G:64M,2G-:128M elevator=deadline install quiet rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0 reinstall console=ttyS0,115200n8
initrd /isolinux/initrd0.img
title Uninstall
kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=512M-2G:64M,2G-:128M elevator=deadline install quiet rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0 uninstall
initrd /isolinux/initrd0.img
title Start $PRODUCT in basic graphics mode.
kernel /isolinux/vmlinuz0 root=live:CDLABEL=$NAME rootfstype=auto ro liveimg check rootflags=ro crashkernel=512M-2G:64M,2G-:128M elevator=deadline install quiet rd_NO_LVM rd.luks=0 rd.md=0 rd.dm=0 nomodeset
initrd /isolinux/initrd0.img
EOF
%end
%post --interpreter=image-minimizer --nochroot
droprpm system-config-*
keeprpm system-config-keyboard-base
droprpm libsemanage-python
droprpm mkinitrd
droprpm isomd5sum
droprpm checkpolicy
droprpm make
droprpm setools-libs-python
droprpm setools-libs
droprpm gamin
droprpm pm-utils
droprpm usermode
droprpm vbetool
droprpm ConsoleKit
droprpm hdparm
droprpm linux-atm-libs
droprpm mtools
droprpm syslinux
droprpm wireless-tools
droprpm radeontool
droprpm libicu
droprpm gnupg2
droprpm fedora-release-notes
droprpm fedora-logos
# rhbz#641494 - drop unnecessary rpms pulled in from libguestfs-winsupport
droprpm fakechroot
droprpm fakechroot-libs
droprpm fakeroot
droprpm fakeroot-libs
droprpm febootstrap
# cronie pulls in exim (sendmail) which pulls in all kinds of perl deps
droprpm exim
droprpm perl*
# keep libperl for snmpd
keeprpm perl-libs
droprpm postfix
droprpm mysql*
droprpm sysklogd
# pam complains when this is missing
keeprpm ConsoleKit-libs
# kernel modules minimization
# filesystems
drop /lib/modules/*/kernel/fs
keep /lib/modules/*/kernel/fs/ext*
keep /lib/modules/*/kernel/fs/mbcache*
keep /lib/modules/*/kernel/fs/squashfs
keep /lib/modules/*/kernel/fs/jbd*
keep /lib/modules/*/kernel/fs/btrfs
keep /lib/modules/*/kernel/fs/cifs*
keep /lib/modules/*/kernel/fs/fat
keep /lib/modules/*/kernel/fs/nfs
keep /lib/modules/*/kernel/fs/nfs_common
keep /lib/modules/*/kernel/fs/fscache
keep /lib/modules/*/kernel/fs/lockd
keep /lib/modules/*/kernel/fs/nls/nls_utf8.ko
keep /lib/modules/*/kernel/fs/configfs/configfs.ko
# autofs4 configfs exportfs *fat *jbd mbcache.ko nls xfs
#*btrfs cramfs *ext2 *fscache *jbd2 *nfs squashfs
# cachefiles dlm *ext3 fuse jffs2 *nfs_common ubifs
# cifs ecryptfs *ext4 gfs2 *lockd nfsd udf
# network
drop /lib/modules/*/kernel/net
keep /lib/modules/*/kernel/net/802*
keep /lib/modules/*/kernel/net/bridge
keep /lib/modules/*/kernel/net/core
keep /lib/modules/*/kernel/net/ipv*
keep /lib/modules/*/kernel/net/key
keep /lib/modules/*/kernel/net/llc
keep /lib/modules/*/kernel/net/netfilter
keep /lib/modules/*/kernel/net/rds
keep /lib/modules/*/kernel/net/sctp
keep /lib/modules/*/kernel/net/sunrpc
#*802 atm can ieee802154 *key *netfilter rfkill *sunrpc xfrm
#*8021q bluetooth *core *ipv4 *llc phonet sched wimax
# 9p *bridge dccp *ipv6 mac80211 *rds *sctp wireless
drop /lib/modules/*/kernel/sound
# drivers
drop /lib/modules/*/kernel/drivers
keep /lib/modules/*/kernel/drivers/ata
keep /lib/modules/*/kernel/drivers/block
keep /lib/modules/*/kernel/drivers/cdrom
keep /lib/modules/*/kernel/drivers/char
keep /lib/modules/*/kernel/drivers/cpufreq
keep /lib/modules/*/kernel/drivers/dca
keep /lib/modules/*/kernel/drivers/dma
keep /lib/modules/*/kernel/drivers/edac
keep /lib/modules/*/kernel/drivers/firmware
keep /lib/modules/*/kernel/drivers/idle
keep /lib/modules/*/kernel/drivers/infiniband
keep /lib/modules/*/kernel/drivers/input/misc/uinput.ko
keep /lib/modules/*/kernel/drivers/md
keep /lib/modules/*/kernel/drivers/message
keep /lib/modules/*/kernel/drivers/net
drop /lib/modules/*/kernel/drivers/net/pcmcia
drop /lib/modules/*/kernel/drivers/net/wireless
drop /lib/modules/*/kernel/drivers/net/ppp*
keep /lib/modules/*/kernel/drivers/pci
keep /lib/modules/*/kernel/drivers/scsi
keep /lib/modules/*/kernel/drivers/staging/ramzswap
keep /lib/modules/*/kernel/drivers/uio
keep /lib/modules/*/kernel/drivers/usb
drop /lib/modules/*/kernel/drivers/usb/atm
drop /lib/modules/*/kernel/drivers/usb/class
drop /lib/modules/*/kernel/drivers/usb/image
drop /lib/modules/*/kernel/drivers/usb/misc
drop /lib/modules/*/kernel/drivers/usb/serial
keep /lib/modules/*/kernel/drivers/usb/storage
keep /lib/modules/*/kernel/drivers/vhost
keep /lib/modules/*/kernel/drivers/virtio
keep /lib/modules/*/kernel/drivers/watchdog
# acpi *cpufreq hid leds mtd ?regulator uwb
#*ata crypto ?hwmon *md *net* rtc *vhost
# atm *dca ?i2c media ?parport *scsi* video
# auxdisplay *dma *idle memstick *pci ?serial *virtio
#*block *edac ieee802154 *message pcmcia ?ssb watchdog
# bluetooth firewire *infiniband ?mfd platform *staging xen
#*cdrom *firmware input misc ?power ?uio
#*char* ?gpu isdn mmc ?pps *usb
drop /usr/share/zoneinfo
keep /usr/share/zoneinfo/UTC
drop /etc/alsa
drop /usr/share/alsa
drop /usr/share/awk
drop /usr/share/vim
drop /usr/share/anaconda
drop /usr/share/backgrounds
drop /usr/share/wallpapers
drop /usr/share/kde-settings
drop /usr/share/gnome-background-properties
drop /usr/share/dracut
drop /usr/share/setuptool
drop /usr/share/hwdata/MonitorsDB
drop /usr/share/hwdata/oui.txt
drop /usr/share/hwdata/videoaliases
drop /usr/share/hwdata/videodrivers
drop /usr/share/firstboot
drop /usr/share/lua
drop /usr/share/kde4
drop /usr/share/pixmaps
drop /usr/share/icons
drop /usr/share/fedora-release
drop /usr/share/tabset
drop /usr/share/augeas/lenses/tests
drop /usr/share/augeas/lenses/dist/*
# generic includes
keep /usr/share/augeas/lenses/dist/build.aug
keep /usr/share/augeas/lenses/dist/hosts.aug
keep /usr/share/augeas/lenses/dist/inifile.aug
keep /usr/share/augeas/lenses/dist/modprobe.aug
keep /usr/share/augeas/lenses/dist/rx.aug
keep /usr/share/augeas/lenses/dist/sep.aug
keep /usr/share/augeas/lenses/dist/shellvars.aug
keep /usr/share/augeas/lenses/dist/spacevars.aug
keep /usr/share/augeas/lenses/dist/sysctl.aug
keep /usr/share/augeas/lenses/dist/util.aug
# whitelist only relevant lenses
keep /usr/share/augeas/lenses/dist/buildd.aug
keep /usr/share/augeas/lenses/dist/cgconfig.aug
keep /usr/share/augeas/lenses/dist/cgrules.aug
keep /usr/share/augeas/lenses/dist/cron.aug
keep /usr/share/augeas/lenses/dist/dhclient.aug
keep /usr/share/augeas/lenses/dist/dnsmasq.aug
keep /usr/share/augeas/lenses/dist/ethers.aug
keep /usr/share/augeas/lenses/dist/exports.aug
keep /usr/share/augeas/lenses/dist/fstab.aug
keep /usr/share/augeas/lenses/dist/group.aug
keep /usr/share/augeas/lenses/dist/grub.aug
keep /usr/share/augeas/lenses/dist/inittab.aug
keep /usr/share/augeas/lenses/dist/iptables.aug
keep /usr/share/augeas/lenses/dist/json.aug
keep /usr/share/augeas/lenses/dist/krb5.aug
keep /usr/share/augeas/lenses/dist/limits.aug
keep /usr/share/augeas/lenses/dist/logrotate.aug
keep /usr/share/augeas/lenses/dist/lokkit.aug
keep /usr/share/augeas/lenses/dist/modules_conf.aug
keep /usr/share/augeas/lenses/dist/multipath.aug
keep /usr/share/augeas/lenses/dist/ntp.aug
keep /usr/share/augeas/lenses/dist/pam.aug
keep /usr/share/augeas/lenses/dist/passwd.aug
keep /usr/share/augeas/lenses/dist/resolv.aug
keep /usr/share/augeas/lenses/dist/securetty.aug
keep /usr/share/augeas/lenses/dist/services.aug
keep /usr/share/augeas/lenses/dist/shellvars_list.aug
keep /usr/share/augeas/lenses/dist/sshd.aug
keep /usr/share/augeas/lenses/dist/sudoers.aug
keep /usr/share/augeas/lenses/dist/utill.aug
keep /usr/share/augeas/lenses/dist/yum.aug
drop /usr/share/tc
drop /usr/share/emacs
drop /usr/share/info
drop /usr/src
drop /usr/etc
drop /usr/games
drop /usr/include
keep /usr/include/python2.*
drop /usr/local
drop /usr/sbin/dell*
keep /usr/sbin/build-locale-archive
drop /usr/sbin/glibc_post_upgrade.*
drop /usr/lib*/tc
drop /usr/lib*/tls
drop /usr/lib*/sse2
drop /usr/lib*/pkgconfig
drop /usr/lib*/nss
drop /usr/lib*/games
drop /usr/lib*/alsa-lib
drop /usr/lib*/krb5
drop /usr/lib*/hal
drop /usr/lib*/gio
# syslinux
drop /usr/share/syslinux
# glibc-common locales
drop /usr/lib/locale
keep /usr/lib/locale/locale-archive
keep /usr/lib/locale/usr/share/locale/en_US
# pango
drop /usr/lib*/pango
drop /usr/lib*/libpango*
drop /usr/lib*/libthai*
drop /usr/share/libthai
drop /etc/pango
drop /usr/bin/pango*
# hal
drop /usr/bin/hal-disable-polling
drop /usr/bin/hal-is-caller-locked-out
drop /usr/bin/hal-is-caller-privileged
drop /usr/bin/hal-lock
drop /usr/bin/hal-set-property
drop /usr/bin/hal-setup-keymap
# openssh
drop /usr/bin/sftp
drop /usr/bin/slogin
drop /usr/bin/ssh-add
drop /usr/bin/ssh-agent
drop /usr/bin/ssh-keyscan
# docs
drop /usr/share/omf
drop /usr/share/gnome
drop /usr/share/doc
keep /usr/share/doc/*-firmware-*
drop /usr/share/locale/
keep /usr/share/locale/en_US
drop /usr/share/man
drop /usr/share/X11
drop /usr/share/i18n
drop /boot/*
keep /boot/efi
drop /var/lib/builder
drop /usr/sbin/rhn_register
drop /usr/sbin/*-channel
drop /usr/share/selinux
drop /usr/lib*/libboost*
keep /usr/lib*/libboost_program_options.so*
keep /usr/lib*/libboost_filesystem.so*
keep /usr/lib*/libboost_thread-mt.so*
keep /usr/lib*/libboost_system.so*
drop /usr/kerberos
keep /usr/kerberos/bin/kinit
keep /usr/kerberos/bin/klist
drop /lib/firmware
keep /lib/firmware/3com
keep /lib/firmware/acenic
keep /lib/firmware/adaptec
keep /lib/firmware/advansys
keep /lib/firmware/bnx2
keep /lib/firmware/bnx2x
keep /lib/firmware/bnx2x*
keep /lib/firmware/cxgb3
keep /lib/firmware/cxgb4
keep /lib/firmware/e100
keep /lib/firmware/myricom
keep /lib/firmware/ql*
keep /lib/firmware/sun
keep /lib/firmware/tehuti
keep /lib/firmware/tigon
keep /lib/firmware/cbfw_fc.bin
keep /lib/firmware/ctfw_cna.bin
keep /lib/firmware/ctfw_fc.bin
keep /lib/firmware/aic94xx-seq.fw
drop /lib/kbd/consolefonts
drop /etc/pki/tls
keep /etc/pki/tls/openssl.cnf
drop /etc/pki/java
drop /etc/pki/nssdb
# minimize net-snmp
drop /etc/rc.d/init.d/snmptrapd
drop /etc/snmp/snmptrapd.conf
drop /etc/sysconfig/snmptrapd
drop /usr/sbin/snmptrapd
drop /usr/bin/net-snmp-create-v3-user
drop /usr/bin/snmpconf
drop /usr/share/snmp/snmpconf-data
#desktop files
drop /etc/xdg/autostart/restorecond.desktop
#ebtables depends on perl
drop /sbin/ebtables-save
drop /sbin/ebtables-restore
# remove bogus kdump script (rpmdiff complains)
drop /etc/kdump-adv-conf
#cim
droprpm tog-pegasus
droprpm tog-pegasus-libs
droprpm mailcap
droprpm openslp
#remove rpms added by dmraid
droprpm ConsoleKit
droprpm checkpolicy
droprpm dmraid-events
droprpm gamin
droprpm gnupg2
droprpm hdparm
droprpm isomd5sum
droprpm libicu
droprpm libsemanage-python
droprpm linux-atm-libs
droprpm make
droprpm mtools
droprpm mysql-libs
droprpm perl
droprpm perl-Module-Pluggable
droprpm perl-Net-Telnet
droprpm perl-PathTools
droprpm perl-Pod-Escapes
droprpm perl-Pod-Simple
droprpm perl-Scalar-List-Utils
droprpm perl-hivex
droprpm perl-macros
droprpm setools-libs
droprpm setools-libs-python
droprpm sgpio
droprpm syslinux
droprpm system-config-firewall-base
droprpm usermode
#NFS Server
droprpm rpcbind
drop /usr/sbin/rpc.idmapd
drop /usr/bin/rpcgen
drop /usr/sbin/rpc.gssd
drop /usr/sbin/rpc.idmapd
drop /usr/sbin/rpc.mountd
drop /usr/sbin/rpc.nfsd
drop /usr/sbin/rpc.svcgssd
drop /usr/sbin/rpcdebug
keep /usr/share/virt-manager
%end
%post
echo "Removing python source files"
find /usr -name '*.py' -exec rm -f {} \;
find /usr -name '*.pyo' -exec rm -f {} \;
%end
%post
echo -n "Creating manifest"
# Create post-image processing manifests
rpm -qa --qf '%{name}-%{version}-%{release}.%{arch} (%{SIGPGP:pgpsig})\n' | \
sort > /manifest-rpm.txt
rpm -qa --qf '%{sourcerpm}\n' | sort -u > /manifest-srpm.txt
# collect all included licenses rhbz#601927
rpm -qa --qf '%{license}\n' | sort -u > /manifest-license.txt
# dependencies
rpm -qa | xargs -n1 rpm -e --test 2> /manifest-deps.txt
echo -n "."
# Takes about 4min
#find / -xdev -print -exec rpm -qf {} \; > /manifest-owns.txt
# Alternative takes about 8sec, results are slightly different
{
# Get all owned files
rpm -qa | while read PKG
do
rpm -ql $PKG | while read FIL
do
[[ -e "$FIL" ]] && echo $FIL
done | sed "s#\$#\t\t\t$PKG#"
done
# Get all files on fs and mark them as not owned
find / -xdev | sed "s#\$#\t\t\tNot owned by any package.#"
# Just keep the first occurence of a file entry
# Unowned files will just occur once,
# owned once twice (just the firts entry is kept)
} | sort -u -k1,1 | sed "s#\t\t\t#\n#" > /manifest-owns.txt
# this one is kept in root for ovirt-rpmquery
rpm -qa --qf '%{NAME}\t%{VERSION}\t%{RELEASE}\t%{BUILDTIME}\n' | \
sort > /rpm-qa.txt
echo -n "."
du -akx --exclude=/var/cache/yum / > /manifest-file.txt
du -x --exclude=/var/cache/yum / > /manifest-dir.txt
echo -n "."
bzip2 /manifest-deps.txt /manifest-owns.txt /manifest-file.txt /manifest-dir.txt
echo -n "."
%end
%post --nochroot
# Move manifests to ISO
mv $INSTALL_ROOT/manifest-* $LIVE_ROOT/isolinux
echo "done"
# only works on x86, x86_64
if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then
if [ ! -d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi
cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS
cp /usr/bin/livecd-iso-to-pxeboot $LIVE_ROOT/LiveOS
fi
%end
%packages --excludedocs --nobase
/usr/sbin/lokkit
PyPAM
acpid
aic94xx-firmware
anyterm
audit
bc
bfa-firmware
biosdevname
checkpolicy
collectd-virt
cracklib-python
cryptsetup-luks
db4
device-mapper-multipath
dhclient
dmraid
dosfstools
dracut-fips
dracut-network
e2fsprogs
efibootmgr
eject
ethtool
febootstrap-supermin-helper
file
gdb
generic-logos
glusterfs-client
grub-efi
hdparm
hwdata
irqbalance
isomd5sum
kernel
kexec-tools
kpartx
kvm
less
libguestfs
libguestfs-tools-c
libmlx4
libvirt-cim
lsof
lsscsi
ltrace
make
net-snmp
newt-python
numactl
openssh-clients
openssh-server
ovirt-node
passwd
patch
pciutils
plymouth
plymouth-graphics-libs
plymouth-plugin-label
plymouth-plugin-two-step
plymouth-scripts
plymouth-system-theme
plymouth-theme-charge
policycoreutils
policycoreutils-python
psmisc
python
python-gudev
python-hivex
python-libguestfs
python-libs
python-setuptools
python-virtinst
qemu-kvm-tools
ql2100-firmware
ql2200-firmware
ql23xx-firmware
ql2400-firmware
ql2500-firmware
rootfiles
rpm-python
sblim-sfcb
selinux-policy-targeted
setools-console
sos
strace
sudo
sysfsutils
sysstat
system-config-keyboard-base
systemtap-runtime
tcpdump
usbutils
vconfig
vdsm-cli
vdsm-reg
vhostmd
vim-minimal
virt-manager-tui
yum
-audit-libs-python
-authconfig
-cpio
-fedora-logos
-fedora-release
-fedora-release-notes
-gzip
-libselinux-python
-libuser
-mtools
-newt
-parted
-prelink
-setserial
-tar
-usermode
-ustr
-which
-wireless-tools
%end

阅读(1734) | 评论(0) | 转发(0) |

上一篇：Using KSM (Kernel Samepage Merging) with KVM

下一篇：Fedora17上安装oVirt Engine 3.1

给主人留下些什么吧！~~

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6