[Libosinfo] [osinfo-db 1/2] install-script, suse: Add install-scripts for SLES 12+
Fabiano Fidêncio
fabiano at fidencio.org
Tue May 2 19:25:00 UTC 2017
On Tue, May 2, 2017 at 1:48 PM, Christophe Fergeau <cfergeau at redhat.com> wrote:
> On Sun, Apr 23, 2017 at 12:41:30AM +0200, Fabiano Fidêncio wrote:
>> The install-scripts added support SLES 12, SLES 12 SP1 and SLES 12 SP2.
>>
>> Those scripts were completely based on the openSUSE ones and tested
>> against the "free for download" ISOs provided by SUSE, that you can find
>> in: https://www.suse.com/download-linux/
>>
>> Signed-off-by: Fabiano Fidêncio <fabiano at fidencio.org>
>> ---
>> .../suse.com/suse-autoyast-desktop.xml.in | 287 +++++++++++++++++++++
>> .../suse.com/suse-autoyast-jeos.xml.in | 201 +++++++++++++++
>> data/os/suse.com/sles-12.1.xml.in | 7 +-
>> data/os/suse.com/sles-12.2.xml.in | 13 +-
>> data/os/suse.com/sles-12.xml.in | 7 +-
>> 5 files changed, 509 insertions(+), 6 deletions(-)
>> create mode 100644 data/install-script/suse.com/suse-autoyast-desktop.xml.in
>> create mode 100644 data/install-script/suse.com/suse-autoyast-jeos.xml.in
>>
>> diff --git a/data/install-script/suse.com/suse-autoyast-desktop.xml.in b/data/install-script/suse.com/suse-autoyast-desktop.xml.in
>> new file mode 100644
>> index 0000000..acb38c1
>> --- /dev/null
>> +++ b/data/install-script/suse.com/suse-autoyast-desktop.xml.in
>> @@ -0,0 +1,287 @@
>> +<libosinfo version="0.0.1">
>> +<!-- Licensed under the GNU General Public License version 2 or later.
>> + See http://www.gnu.org/licenses/ for a copy of the license text -->
>> +
>> + <!-- DESKTOP PROFILE -->
>> + <install-script id='http://suse.com/suse/autoyast/desktop'>
>> + <profile>desktop</profile>
>> + <expected-filename>autoinst.xml</expected-filename>
>> + <config>
>> + <!-- Localization options -->
>> + <param name="l10n-keyboard" policy="optional" value-map="http://x.org/x11-keyboard"/>
>> + <param name="l10n-language" policy="optional"/>
>> + <param name="l10n-timezone" policy="optional"/>
>> +
>> + <!-- Network options -->
>> + <param name="hostname" policy="optional"/>
>> + <param name="domain" policy="optional"/>
>> +
>> + <!-- Account options -->
>> + <param name="admin-password" policy="optional"/>
>> + <param name="user-fullname" policy="optional"/>
>> + <param name="user-login" policy="required"/>
>> + <param name="user-password" policy="optional"/>
>> + <param name="avatar-location" policy="optional"/>
>> + <param name="avatar-disk" policy="optional"/>
>> + </config>
>> + <injection-method>disk</injection-method>
>> +
>> + <template>
>> + <xsl:stylesheet
>> + xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
>> + version="1.0">
>> +
>> + <xsl:output method="xml" indent="yes" omit-xml-declaration="yes"/>
>> +
>> + <xsl:template name="l10n-language">
>> + <xsl:choose>
>> + <xsl:when test="config/l10n-language != '' and config/l10n-language != 'C'">
>> + <xsl:value-of select="config/l10n-language"/>
>> + </xsl:when>
>> + <xsl:otherwise>
>> + <xsl:text>en_US</xsl:text>
>> + </xsl:otherwise>
>> + </xsl:choose>
>> + </xsl:template>
>> +
>> + <xsl:template name="l10n-keyboard">
>> + <xsl:choose>
>> + <xsl:when test="config/l10n-keyboard != '' and config/l10n-keyboard != 'C'">
>> + <xsl:value-of select="config/l10n-keyboard"/>
>> + </xsl:when>
>> + <xsl:otherwise>
>> + <xsl:text>us</xsl:text>
>> + </xsl:otherwise>
>> + </xsl:choose>
>> + </xsl:template>
>> +
>> + <xsl:template match="/command-line">
>> + <xsl:text>autoyast=device://sda/</xsl:text>
>
> I guess vda is not valid there?
Nope. That's the same case for openSUSE.
>
>> + <xsl:value-of select="script/expected-filename"/>
>> + </xsl:template>
>> +
>> + <xsl:template match="/install-script-config">
>> + <profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
>> + <bootloader>
>> + <device_map config:type="list">
>> + <device_map_entry>
>> + <firmware>hd0</firmware>
>> + <linux>/dev/vda</linux>
>> + </device_map_entry>
>> + </device_map>
>> + <global>
>> + <activate>true</activate>
>> + <append>resume=/dev/vda1 splash=silent quiet showopts</append>
>> + <boot_boot>false</boot_boot>
>> + <boot_extended>false</boot_extended>
>> + <boot_mbr>false</boot_mbr>
>> + <boot_root>true</boot_root>
>> + <default>0</default>
>> + <distributor/>
>> + <failsafe_disabled>true</failsafe_disabled>
>> + <generic_mbr>true</generic_mbr>
>> + <gfxmode>auto</gfxmode>
>> + <os_prober>true</os_prober>
>> + <terminal>gfxterm</terminal>
>> + <timeout config:type="integer">8</timeout>
>> + <vgamode/>
>> + </global>
>> + <loader_type>grub2</loader_type>
>> + </bootloader>
>> + <firewall>
>> + <enable_firewall config:type="boolean">false</enable_firewall>
>> + <start_firewall config:type="boolean">false</start_firewall>
>> + </firewall>
>
> Any particular reason to disable firewall?
No particular reason. I'll remove it in a v2.
>
>> + <general>
>> + <ask-list config:type="list"/>
>> + <mode>
>> + <confirm config:type="boolean">false</confirm>
>> + <final_reboot config:type="boolean">true</final_reboot>
>> + </mode>
>> + <proposals config:type="list"/>
>> + <signature-handling>
>> + <accept_file_without_checksum config:type="boolean">true</accept_file_without_checksum>
>> + <accept_non_trusted_gpg_key config:type="boolean">true</accept_non_trusted_gpg_key>
>> + <accept_unknown_gpg_key config:type="boolean">true</accept_unknown_gpg_key>
>> + <accept_unsigned_file config:type="boolean">true</accept_unsigned_file>
>> + <accept_verification_failed config:type="boolean">false</accept_verification_failed>
>> + <import_gpg_key config:type="boolean">true</import_gpg_key>
>> + </signature-handling>
>
> This seems fairly insecure too, is this required?
Hmm. I'll double check, but I do believe I can drop those for SLES.
>
>
>> + <storage>
>> + <partition_alignment config:type="symbol">align_optimal</partition_alignment>
>> + <start_multipath config:type="boolean">false</start_multipath>
>> + </storage>
>> + </general>
>> + <keyboard>
>> + <keyboard_values>
>> + <delay/>
>> + <discaps config:type="boolean">false</discaps>
>> + <numlock>bios</numlock>
>> + <rate/>
>> + </keyboard_values>
>> + <keymap><xsl:call-template name="l10n-keyboard"/></keymap>
>> + </keyboard>
>> + <language><xsl:call-template name="l10n-language"/></language>
>> + <networking>
>> + <managed config:type="boolean">false</managed>
>> + <interfaces config:type="list">
>> + <interface>
>> + <bootproto>dhcp</bootproto>
>> + <device>eth0</device>
>> + <startmode>auto</startmode>
>> + <usercontrol>no</usercontrol>
>> + </interface>
>> + </interfaces>
>> + </networking>
>> + <partitioning config:type="list">
>> + <drive>
>> + <device>/dev/vda</device>
>> + <type config:type="symbol">CT_DISK</type>
>> + <use>all</use>
>> + </drive>
>> + </partitioning>
>> + <report>
>> + <errors>
>> + <log config:type="boolean">true</log>
>> + <show config:type="boolean">true</show>
>> + <timeout config:type="integer">0</timeout>
>> + </errors>
>> + <messages>
>> + <log config:type="boolean">true</log>
>> + <show config:type="boolean">true</show>
>> + <timeout config:type="integer">10</timeout>
>> + </messages>
>> + <warnings>
>> + <log config:type="boolean">true</log>
>> + <show config:type="boolean">true</show>
>> + <timeout config:type="integer">10</timeout>
>> + </warnings>
>> + <yesno_messages>
>> + <log config:type="boolean">true</log>
>> + <show config:type="boolean">true</show>
>> + <timeout config:type="integer">10</timeout>
>> + </yesno_messages>
>> + </report>
>> + <scripts>
>> + <chroot-scripts config:type="list">
>> + <script>
>> + <chrooted config:type="boolean">true</chrooted>
>> + <source>
>> +
>> +if test -z '<xsl:value-of select="config/user-password"/>'; then
>> +pam-config -a --unix-nullok
>> +pam-config -a --nullok
>
> Shouldn't this be conditional on the SUSE version as done below?
Nope. It's needed for all versions to allow setting a user with no password.
>
>> +
>> +<xsl:if test="os/version = 12">
>> +useradd <xsl:value-of select="config/user-login"/> -m -G users
>> +passwd -d <xsl:value-of select="config/user-login"/>
>> +</xsl:if>
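Review bot: in the `os/version = 12` branch, `useradd` and `passwd -d` receive `config/user-login` unquoted, and the enclosing `test -z '...'` a few lines up pastes `config/user-password` between single quotes, so a login containing whitespace or a password containing a single quote changes what the chroot script executes. Suggest quoting the login in both commands and validating or escaping these values before the template is rendered; testing the password for emptiness in XSL (`xsl:if test="config/user-password = ''"`, as the groups block already does) would also keep the cleartext password out of the script.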
>
> Does this mean we are not setting a password on older suse?
There's no older SUSE script at this point.
For 12 SP1 and 12 SP2 we can do this using the <users> XML tag, while
for 12 the only way that worked was by actually adding the user as
done above.
>
>> +
>> +#Enable passwordless login for users that are part of the nopasswdlogin group
>> +sed -i '4 i auth sufficient pam_succeed_if.so user ingroup nopasswdlogin' /etc/pam.d/gdm-password
>> +fi
>> +
>> +if test -n '<xsl:value-of select="config/avatar-location"/>'; then
>> +# Set user avatar
>> +mkdir /mnt/unattended-media
>> +mount <xsl:value-of select='config/avatar-disk'/> /mnt/unattended-media
>> +cp /mnt/unattended-media<xsl:value-of select="config/avatar-location"/> /var/lib/AccountsService/icons/<xsl:value-of select="config/user-login"/>
>> +umount /mnt/unattended-media
>> +
>> +echo "
>> +[User]
>> +Language=<xsl:value-of select="config/l10n-language"/>.UTF-8
>> +XSession=gnome
>> +Icon=/var/lib/AccountsService/icons/<xsl:value-of select="config/user-login"/>
>> +" >> /var/lib/AccountsService/users/<xsl:value-of select="config/user-login"/>
>> +fi
>> + </source>
>> + </script>
>> + </chroot-scripts>
>> + </scripts>
>> + <services-manager>
>> + <default_target>graphical</default_target>
>> + </services-manager>
>> + <software>
>> + <packages config:type="list">
>> + <package>autoyast2-installation</package>
>> + <package>gdm</package>
>> + </packages>
>> + <patterns config:type="list">
>> + <pattern>Minimal</pattern>
>> + <pattern>apparmor</pattern>
>> + <pattern>base</pattern>
>> + <pattern>gnome-basic</pattern>
>> + <pattern>printing</pattern>
>> + <xsl:if test="os/version > 12">
>> + <pattern>smt</pattern>
>> + </xsl:if>
>> + <pattern>x11</pattern>
>> + </patterns>
>> + </software>
>> + <sysconfig config:type="list">
>> + <sysconfig_entry>
>> + <sysconfig_key>DISPLAYMANAGER</sysconfig_key>
>> + <sysconfig_path>/etc/sysconfig/displaymanager</sysconfig_path>
>> + <sysconfig_value>gdm</sysconfig_value>
>> + </sysconfig_entry>
>> + <sysconfig_entry>
>> + <sysconfig_key>DEFAULT_WM</sysconfig_key>
>> + <sysconfig_path>/etc/sysconfig/windowmanager</sysconfig_path>
>> + <sysconfig_value>gnome</sysconfig_value>
>> + </sysconfig_entry>
>> + </sysconfig>
>> + <timezone>
>> + <hwclock>UTC</hwclock>
>> + <timezone><xsl:value-of select="config/l10n-timezone"/></timezone>
>> + </timezone>
>> + <user_defaults>
>> + <expire/>
>> + <group>100</group>
>> + <groups/>
>> + <home>/home</home>
>> + <inactive>-1</inactive>
>> + <no_groups config:type="boolean">true</no_groups>
>> + <shell>/bin/bash</shell>
>> + <skel>/etc/skel</skel>
>> + <umask>022</umask>
>> + </user_defaults>
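Review bot: the `sed -i '4 i auth sufficient pam_succeed_if.so ...'` line inserts the rule at a fixed line number of /etc/pam.d/gdm-password, so where it lands in the auth stack depends on the layout of the file shipped by the installed gdm package. Anchoring the insert on a pattern (for example before the first `auth` line) would make the placement explicit. Separately, the `[User]` block writes `Language=` from `config/l10n-language` directly instead of calling the `l10n-language` template, so an unset value yields `Language=.UTF-8`, and `config/l10n-timezone` has no fallback either.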
>
> Same question, a bit below you check for suse version before allowing
> empty passwords, should the condition be here too?
That's not the case here. The group "nopasswdlogin" must be created in
any SLES version in order to allow passwordless login.
>
>> + <xsl:if test="config/user-password = ''">
>> + <groups config:type="list">
>> + <group>
>> + <group_password>x</group_password>
>> + <groupname>nopasswdlogin</groupname>
>> + <userlist><xsl:value-of select="config/user-login"/></userlist>
>> + </group>
>> + </groups>
>> + </xsl:if>
>> + <users config:type="list">
>> + <user>
>> + <encrypted config:type="boolean">false</encrypted>
>> + <fullname>root</fullname>
>> + <gid>0</gid>
>> + <home>/root</home>
>> + <shell>/bin/bash</shell>
>> + <uid>0</uid>
>> + <user_password><xsl:value-of select="config/admin-password"/></user_password>
>> + <username>root</username>
>> + </user>
>> + <!--
>> + While SLES 12 doesn't allow creating a user without a password,
>> + it's okay to do so on the newer versions
>> + -->
>> + <xsl:if test="config/user-password != '' or os/version > 12">
>> + <user>
>> + <encrypted config:type="boolean">false</encrypted>
>> + <fullname><xsl:value-of select="config/user-fullname"/></fullname>
>> + <user_password><xsl:value-of select="config/user-password"/></user_password>
>> + <username><xsl:value-of select="config/user-login"/></username>
>> + </user>
>> + </xsl:if>
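Review bot: the root `<user>` entry takes `<user_password>` from `config/admin-password`, which the `<config>` block declares `policy="optional"`, with `<encrypted>` set to false, so omitting the parameter renders an empty `<user_password>` for root and supplying it leaves the cleartext in autoinst.xml. Suggest making `admin-password` required for this profile, or emitting the root entry only when the value is non-empty, and passing a hashed value with `<encrypted>` set to true if callers can provide one.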
>
> So we don't set a user password on older suse?
We do!
At this point the only supported versions are:
SLES 12:
- passwordless users must be created by useradd
- normal user creation can be done through <user> XML tag
SLES 12 SP1 and SLES 12 SP2:
- both normal and passwordless users can be created through the
<user> XML tag.
>
> Christophe
Best Regards,
--
Fabiano Fidêncio