Last active
October 20, 2020 11:04
-
-
Save williamcaban/877c97ca3b510c02f5ab7e328cf190c8 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#version=RHEL8 | |
ignoredisk --only-use=vda | |
# System bootloader configuration | |
bootloader --disabled | |
autopart --type=plain --fstype=ext4 --nohome --noboot --noswap | |
# Clear the Master Boot Record | |
zerombr | |
# Partition clearing information | |
clearpart --all | |
# Reboot after installation | |
reboot | |
# Use text mode install | |
text | |
# Keyboard layouts | |
# old format: keyboard us | |
# new format: | |
keyboard --vckeymap=us --xlayouts='' | |
# System language | |
lang en_US.UTF-8 | |
# Network information | |
network --bootproto=dhcp --device=link --activate | |
repo --name="koji-override-0" --baseurl=http://download-node-02.eng.bos.redhat.com/rhel-8/devel/candidate-trees/RHEL-8/RHEL-8.2.1-updates-20200901.0/c | |
ompose/BaseOS/x86_64/os | |
repo --name="koji-override-1" --baseurl=http://download-node-02.eng.bos.redhat.com/rhel-8/devel/candidate-trees/RHEL-8/RHEL-8.2.1-updates-20200901.0/c | |
ompose/AppStream/x86_64/os | |
# Use network installation | |
url --url="http://download-node-02.eng.bos.redhat.com/rhel-8/devel/candidate-trees/RHEL-8/RHEL-8.2.1-updates-20200901.0/compose/BaseOS/x86_64/os/" | |
# Root password | |
rootpw --iscrypted --lock locked | |
firstboot --disable | |
# Do not configure the X Window System | |
skipx | |
# System services | |
services --disabled="chronyd" | |
# System timezone | |
timezone Etc/UTC --isUtc --nontp | |
%post --logfile=/root/anaconda-post.log --erroronfail | |
set -eux | |
# Support for subscription-manager secrets | |
ln -s /run/secrets/etc-pki-entitlement /etc/pki/entitlement-host | |
ln -s /run/secrets/rhsm /etc/rhsm-host | |
#https://bugzilla.redhat.com/show_bug.cgi?id=1201663 | |
rm -f /etc/systemd/system/multi-user.target.wants/rhsmcertd.service | |
#fips mode | |
# secrets patch creates /run/secrets/system-fips if /etc/system-fips exists on the host | |
#in turn, openssl in the container checks /etc/system-fips but dangling symlink counts as nonexistent | |
ln -s /run/secrets/system-fips /etc/system-fips | |
# Set install langs macro so that new rpms that get installed will | |
# only install langs that we limit it to. | |
LANG="C.utf8" | |
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf | |
echo "LANG=C.utf8" > /etc/locale.conf | |
# https://bugzilla.redhat.com/show_bug.cgi?id=1400682 | |
# https://bugzilla.redhat.com/show_bug.cgi?id=1672230 | |
echo "Import RPM GPG key" | |
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
#echo "# fstab intentionally empty for containers" > /etc/fstab | |
#this is not possible, guestmount needs fstab => brew build crashes without it | |
#fstab is removed in TDL when tar-ing files | |
# Remove network configuration files leftover from anaconda installation | |
# https://bugzilla.redhat.com/show_bug.cgi?id=1713089 | |
rm -f /etc/sysconfig/network-scripts/ifcfg-* | |
# Remove machine-id on pre generated images | |
rm -f /etc/machine-id | |
touch /etc/machine-id | |
%end | |
%post --logfile=/root/anaconda-post.log --erroronfail | |
# Mask mount units and getty service so that we don't get login prompt | |
# https://bugzilla.redhat.com/show_bug.cgi?id=1418327 | |
systemctl mask systemd-logind.service getty.target console-getty.service sys-fs-fuse-connections.mount systemd-remount-fs.service dev-hugepages.mount | |
# a list of things that may be removed but should not, for the sake of consistency: | |
# remove some random help txt files | |
#rm -fv usr/share/gnupg/help*.txt | |
# Pruning random things | |
#rm usr/lib/rpm/rpm.daily | |
#rm -rfv usr/lib64/nss/unsupported-tools/ # unsupported | |
# Statically linked crap | |
#rm -fv usr/sbin/{glibc_post_upgrade.x86_64,sln} | |
#ln usr/bin/ln usr/sbin/sln | |
#some random not-that-useful binaries | |
#rm -fv /usr/bin/pinky | |
# we lose presets by removing /usr/lib/systemd but we do not care | |
# Maybe we do care. Don't remove these for now. rhbz 1619244 | |
#rm -rfv /usr/lib/systemd | |
# if you want to change the timezone, bind-mount it from the host or reinstall tzdata | |
# actually, do not. bind mounting does not work if you lose the name of the symlink target | |
# reinstalling is hassle, rpm database complains, bugs appear | |
# keep tzdata where they are | |
# https://bugzilla.redhat.com/show_bug.cgi?id=1668185 | |
#rm -fv /etc/localtime | |
#mv /usr/share/zoneinfo/UTC /etc/localtime | |
#rm -rfv /usr/share/zoneinfo | |
#udev hardware database not needed in a container | |
#rm -f /etc/udev/hwdb.bin | |
#rm -rf /usr/lib/udev/hwdb.d/* | |
# don't need icons | |
#rm -rfv /usr/share/icons/* | |
# Remove some dnf info | |
rm -rfv /var/lib/dnf | |
# Final pruning | |
rm -rfv /var/cache/* /var/log/* /tmp/* | |
#syntax highlighting goes crazy after a star */ | |
# remove the original RHEL8 EULA | |
# TODO: This affects the integrity of the installed rpm. Find a better way. | |
rm -f /usr/share/redhat-release/EULA | |
# install the repofile | |
cat > /etc/yum.repos.d/ubi.repo <<EOF | |
[ubi-8-baseos] | |
name = Red Hat Universal Base Image 8 (RPMs) - BaseOS | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/baseos/os | |
enabled = 1 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
[ubi-8-baseos-debug] | |
name = Red Hat Universal Base Image 8 (Debug RPMs) - BaseOS | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/baseos/debug | |
enabled = 0 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
[ubi-8-baseos-source] | |
name = Red Hat Universal Base Image 8 (Source RPMs) - BaseOS | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/baseos/source/SRPMS | |
enabled = 0 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
[ubi-8-appstream] | |
name = Red Hat Universal Base Image 8 (RPMs) - AppStream | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/appstream/os | |
enabled = 1 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
[ubi-8-appstream-debug] | |
name = Red Hat Universal Base Image 8 (Debug RPMs) - AppStream | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/appstream/debug | |
enabled = 0 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
[ubi-8-appstream-source] | |
name = Red Hat Universal Base Image 8 (Source RPMs) - AppStream | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/appstream/source/SRPMS | |
enabled = 0 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
[ubi-8-codeready-builder] | |
name = Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/codeready-builder/os | |
enabled = 1 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
[ubi-8-codeready-builder-debug] | |
name = Red Hat Universal Base Image 8 (Debug RPMs) - CodeReady Builder | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/codeready-builder/debug | |
enabled = 0 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
[ubi-8-codeready-builder-source] | |
name = Red Hat Universal Base Image 8 (Source RPMs) - CodeReady Builder | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/codeready-builder/source/SRPMS | |
enabled = 0 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
EOF | |
%end | |
%post --nochroot --logfile=/mnt/sysimage/root/anaconda-post-nochroot.log --erroronfail | |
set -eux | |
# https://bugzilla.redhat.com/show_bug.cgi?id=1343138 | |
# Fix /run/lock breakage since it's not tmpfs in docker | |
# This unmounts /run (tmpfs) and then recreates the files | |
# in the /run directory on the root filesystem of the container | |
# NOTE: run this in nochroot because "umount" does not exist in chroot | |
umount /mnt/sysimage/run | |
# The file that specifies the /run/lock tmpfile is | |
# /usr/lib/tmpfiles.d/legacy.conf, which is part of the systemd | |
# rpm that isn't included in this image. We'll create the /run/lock | |
# file here manually with the settings from legacy.conf | |
# NOTE: chroot to run "install" because it is not in anaconda env | |
chroot /mnt/sysimage install -d /run/lock -m 0755 -o root -g root | |
# See: https://bugzilla.redhat.com/show_bug.cgi?id=1051816 | |
# NOTE: run this in nochroot because "find" does not exist in chroot | |
# actually, do not delete at all. this is probably not needed with glibc langpacks | |
#KEEPLANG=en_US | |
#for dir in locale i18n; do | |
# find /mnt/sysimage/usr/share/${dir} -mindepth 1 -maxdepth 1 -type d -not \( -name "${KEEPLANG}" -o -name POSIX \) -exec rm -rfv {} + | |
#done | |
%end | |
%packages --excludedocs --nocore --instLangs=en --excludeWeakdeps | |
bash | |
coreutils-single | |
dnf-plugin-subscription-manager | |
findutils | |
gdb-gdbserver | |
glibc-minimal-langpack | |
gzip | |
redhat-release | |
rootfiles | |
subscription-manager | |
tar | |
vim-minimal | |
yum | |
-dosfstools | |
-e2fsprogs | |
-fuse-libs | |
-gnupg2-smime | |
-kernel | |
-libss | |
-pinentry | |
-qemu-guest-agent | |
-shared-mime-info | |
-trousers | |
-xfsprogs | |
-xkeyboard-config | |
%end | |
%addon com_redhat_kdump --disable --reserve-mb='128' | |
%end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#version=F26 | |
# Keyboard layouts | |
keyboard 'us' | |
# Root password | |
rootpw --iscrypted --lock locked | |
# Use network installation | |
url --url="http://download-node-02.eng.bos.redhat.com/rhel-8/devel/candidate-trees/RHEL-8/RHEL-8.2.1-updates-20200901.0/compose/BaseOS/x86_64/os" | |
repo --name="koji-override-0" --baseurl=http://download-node-02.eng.bos.redhat.com/rhel-8/devel/candidate-trees/RHEL-8/RHEL-8.2.1-updates-20200901.0/c | |
ompose/BaseOS/x86_64/os | |
repo --name="koji-override-1" --baseurl=http://download-node-02.eng.bos.redhat.com/rhel-8/devel/candidate-trees/RHEL-8/RHEL-8.2.1-updates-20200901.0/c | |
ompose/AppStream/x86_64/os | |
# Reboot after installation | |
reboot | |
# Network information | |
network --bootproto=dhcp --device=link --activate | |
# System timezone | |
timezone Etc/UTC --isUtc --nontp | |
# Use text mode install | |
text | |
# System bootloader configuration | |
bootloader --disabled | |
autopart --type=plain --fstype=ext4 --nohome --noboot --noswap | |
# Clear the Master Boot Record | |
zerombr | |
# Partition clearing information | |
clearpart --all | |
%post --logfile /root/anaconda-post.log --erroronfail | |
set -eux | |
# Support for subscription-manager secrets | |
ln -s /run/secrets/etc-pki-entitlement /etc/pki/entitlement-host | |
ln -s /run/secrets/rhsm /etc/rhsm-host | |
#https://bugzilla.redhat.com/show_bug.cgi?id=1201663 | |
rm -f /etc/systemd/system/multi-user.target.wants/rhsmcertd.service | |
# secrets patch creates /run/secrets/system-fips if /etc/system-fips exists on the host | |
#in turn, openssl in the container checks /etc/system-fips but dangling symlink counts as nonexistent | |
ln -s /run/secrets/system-fips /etc/system-fips | |
# Set install langs macro so that new rpms that get installed will | |
# only install langs that we limit it to. | |
LANG="C.utf8" | |
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf | |
echo "LANG=C.utf8" > /etc/locale.conf | |
# https://bugzilla.redhat.com/show_bug.cgi?id=1400682 | |
# https://bugzilla.redhat.com/show_bug.cgi?id=1672230 | |
echo "Import RPM GPG key" | |
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
#echo "# fstab intentionally empty for containers" > /etc/fstab | |
#this is not possible, guestmount needs fstab => brew build crashes without it | |
#fstab is removed in TDL when tar-ing files | |
# Remove network configuration files leftover from anaconda installation | |
# https://bugzilla.redhat.com/show_bug.cgi?id=1713089 | |
rm -f /etc/sysconfig/network-scripts/ifcfg-* | |
# Remove machine-id on pre generated images | |
rm -f /etc/machine-id | |
touch /etc/machine-id | |
%end | |
%post --logfile /root/anaconda-post.log --erroronfail | |
# Mask mount units and getty service so that we don't get login prompt | |
# https://bugzilla.redhat.com/show_bug.cgi?id=1418327 | |
systemctl mask systemd-logind.service getty.target console-getty.service sys-fs-fuse-connections.mount systemd-remount-fs.service dev-hugepages.mount | |
# a list of things that may be removed but should not, for the sake of consistency: | |
# remove some random help txt files | |
#rm -fv usr/share/gnupg/help*.txt | |
# Pruning random things | |
#rm usr/lib/rpm/rpm.daily | |
#rm -rfv usr/lib64/nss/unsupported-tools/ # unsupported | |
# Statically linked crap | |
#rm -fv usr/sbin/{glibc_post_upgrade.x86_64,sln} | |
#ln usr/bin/ln usr/sbin/sln | |
#some random not-that-useful binaries | |
#rm -fv /usr/bin/pinky | |
# we lose presets by removing /usr/lib/systemd but we do not care | |
# Maybe we do care. Don't remove these for now. rhbz 1619244 | |
#rm -rfv /usr/lib/systemd | |
# if you want to change the timezone, bind-mount it from the host or reinstall tzdata | |
# actually, do not. bind mounting does not work if you lose the name of the symlink target | |
# reinstalling is hassle, rpm database complains, bugs appear | |
# keep tzdata where they are | |
# https://bugzilla.redhat.com/show_bug.cgi?id=1668185 | |
#rm -fv /etc/localtime | |
#mv /usr/share/zoneinfo/UTC /etc/localtime | |
#rm -rfv /usr/share/zoneinfo | |
#udev hardware database not needed in a container | |
#rm -f /etc/udev/hwdb.bin | |
#rm -rf /usr/lib/udev/hwdb.d/* | |
# don't need icons | |
#rm -rfv /usr/share/icons/* | |
# Remove some dnf info | |
rm -rfv /var/lib/dnf | |
# Final pruning | |
rm -rfv /var/cache/* /var/log/* /tmp/* | |
#syntax highlighting goes crazy after a star */ | |
# remove the original RHEL8 EULA | |
# TODO: This affects the integrity of the installed rpm. Find a better way. | |
rm -f /usr/share/redhat-release/EULA | |
# install the repofile | |
cat > /etc/yum.repos.d/ubi.repo <<EOF | |
[ubi-8-baseos] | |
name = Red Hat Universal Base Image 8 (RPMs) - BaseOS | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/baseos/os | |
enabled = 1 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
[ubi-8-baseos-debug] | |
name = Red Hat Universal Base Image 8 (Debug RPMs) - BaseOS | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/baseos/debug | |
enabled = 0 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
[ubi-8-baseos-source] | |
name = Red Hat Universal Base Image 8 (Source RPMs) - BaseOS | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/baseos/source/SRPMS | |
enabled = 0 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
[ubi-8-appstream] | |
name = Red Hat Universal Base Image 8 (RPMs) - AppStream | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/appstream/os | |
enabled = 1 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
[ubi-8-appstream-debug] | |
name = Red Hat Universal Base Image 8 (Debug RPMs) - AppStream | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/appstream/debug | |
enabled = 0 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
[ubi-8-appstream-source] | |
name = Red Hat Universal Base Image 8 (Source RPMs) - AppStream | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/appstream/source/SRPMS | |
enabled = 0 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
[ubi-8-codeready-builder] | |
name = Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/codeready-builder/os | |
enabled = 1 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
[ubi-8-codeready-builder-debug] | |
name = Red Hat Universal Base Image 8 (Debug RPMs) - CodeReady Builder | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/codeready-builder/debug | |
enabled = 0 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
[ubi-8-codeready-builder-source] | |
name = Red Hat Universal Base Image 8 (Source RPMs) - CodeReady Builder | |
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/\$basearch/codeready-builder/source/SRPMS | |
enabled = 0 | |
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
gpgcheck = 1 | |
EOF | |
%end | |
%post --nochroot --logfile /mnt/sysimage/root/anaconda-post-nochroot.log --erroronfail | |
set -eux | |
# https://bugzilla.redhat.com/show_bug.cgi?id=1343138 | |
# Fix /run/lock breakage since it's not tmpfs in docker | |
# This unmounts /run (tmpfs) and then recreates the files | |
# in the /run directory on the root filesystem of the container | |
# NOTE: run this in nochroot because "umount" does not exist in chroot | |
umount /mnt/sysimage/run | |
# The file that specifies the /run/lock tmpfile is | |
# /usr/lib/tmpfiles.d/legacy.conf, which is part of the systemd | |
# rpm that isn't included in this image. We'll create the /run/lock | |
# file here manually with the settings from legacy.conf | |
# NOTE: chroot to run "install" because it is not in anaconda env | |
chroot /mnt/sysimage install -d /run/lock -m 0755 -o root -g root | |
# See: https://bugzilla.redhat.com/show_bug.cgi?id=1051816 | |
# NOTE: run this in nochroot because "find" does not exist in chroot | |
# actually, do not delete at all. this is probably not needed with glibc langpacks | |
#KEEPLANG=en_US | |
#for dir in locale i18n; do | |
# find /mnt/sysimage/usr/share/${dir} -mindepth 1 -maxdepth 1 -type d -not \( -name "${KEEPLANG}" -o -name POSIX \) -exec rm -rfv {} + | |
#done | |
%end | |
%addon com_redhat_kdump --disable | |
%end | |
%packages --excludedocs --nocore --instLangs=en --excludeWeakdeps | |
bash | |
coreutils-single | |
dnf-plugin-subscription-manager | |
findutils | |
gdb-gdbserver | |
glibc-minimal-langpack | |
gzip | |
redhat-release | |
rootfiles | |
subscription-manager | |
tar | |
vim-minimal | |
yum | |
-dosfstools | |
-e2fsprogs | |
-fuse-libs | |
-gnupg2-smime | |
-kernel | |
-libss | |
-pinentry | |
-qemu-guest-agent | |
-shared-mime-info | |
-trousers | |
-xfsprogs | |
-xkeyboard-config | |
%end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment