下面來分析下自動安裝虛機時用到的ks文件:
默認情況下,整個自動安裝過程會涉及到4個ks文件,但是我們可以根據我們的實際情況及需求進行靈活調整。
(1)ovirt-appliance-fedora.ks.tpl
**導入fedora-cloud-base.ks文件內容** %include fedora-spin-kickstarts/fedora-cloud-base.ks # # Repos # # baseurl variant #url --url=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/Fedora/$basearch/os/ #repo --name="fedora" --baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/Fedora/$basearch/os/ #repo --name="updates" --baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/$releasever/$basearch/ **定義安裝源及YUM源** # mirrorlist variant url --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch repo --name="updates" --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=$basearch # # Configuration # **設置SELinux爲permissive模式** selinux --permissive **重新配置firstboot** firstboot --reconfig **鎖定root用戶密碼** rootpw --plaintext none --lock **系統安裝完成後關閉電源** poweroff **添加一個名爲admin的用戶,加入到wheel組中** user --name=admin --plaintext --password=none --groups=wheel # # Packages # **定義要安裝的包** %packages **初始配置工具,centos6.5中沒有** initial-setup(The initial-setup utility runs after installation. It guides the user through a series of steps that allows for easier configuration of the machine.) **重寫磁盤分區表的工具** dracut-modules-growroot(This dracut module will re-write the partition table of a disk so that the root partition has as much space as possible, bumping it up to the edge of the disk, or the edge of the next partition.) %end **安裝後執行的任務** %post --erroronfail # **準備initial-setup工具** echo "Preparing initial-setup" # **安裝軟件包** yum install -y initial-setup plymouth(Plymouth provides an attractive graphical boot animation in place of the text messages that normally get shown. Text messages are instead redirected to a log file for viewing after boot.) **系統啓動時initial-setup-text服務發現該文件時確認需要初始化配置系統** touch /etc/reconfigSys **設置initial-setup-text(字符界面)服務隨系統啓動** systemctl enable initial-setup-text.service **禁止initial-setup-graphical(圖形界面)服務隨系統啓動** systemctl disable initial-setup-graphical.service # Default tty is ttyS0, to display initial-setup on tty0 we need to set this explicitly sed -i \ **設置initial-setup在tty0顯示** -e "/^StandardOutput/ a TTYPath=/dev/tty0" \ -e "/^Description/ a Before=cloud-init-local.service cloud-init.service" \ /usr/lib/systemd/system/initial-setup-text.service %end %post --erroronfail # **預安裝ovirt-engine及ovirt-guest-agent包** echo "Pre-Installing oVirt stuff" # yum install -y http://resources.ovirt.org/pub/yum-repo/ovirt-release35.rpm yum install -y ovirt-engine ovirt-guest-agent # **生成ovirt-engine的應答文件** echo "Creating a partial answer file" # cat > /root/ovirt-engine-answers <<__EOF__ [environment:default] OVESETUP_CORE/engineStop=none:None OVESETUP_DIALOG/confirmSettings=bool:True OVESETUP_DB/database=str:engine OVESETUP_DB/fixDbViolations=none:None OVESETUP_DB/secured=bool:False OVESETUP_DB/securedHostValidation=bool:False OVESETUP_DB/host=str:localhost OVESETUP_DB/user=str:engine OVESETUP_DB/port=int:5432 OVESETUP_SYSTEM/nfsConfigEnabled=bool:False OVESETUP_CONFIG/applicationMode=str:virt OVESETUP_CONFIG/firewallManager=str:firewalld OVESETUP_CONFIG/websocketProxyConfig=none:True OVESETUP_CONFIG/storageType=str:nfs OVESETUP_PROVISIONING/postgresProvisioningEnabled=bool:True OVESETUP_APACHE/configureRootRedirection=bool:True OVESETUP_APACHE/configureSsl=bool:True OSETUP_RPMDISTRO/requireRollback=none:None OSETUP_RPMDISTRO/enableUpgrade=none:None __EOF__ %end %post --erroronfail # **啓用wheels組的sudo權限** echo "Enabling sudo for wheels" # **註釋掉關於wheel組中用戶不輸入密碼即可使用sudo提升權限的配置行,刪除root用戶密碼並配置密碼過期** sed -i "/%wheel.*NOPASSWD/ s/^#//" /etc/sudoers passwd --delete root passwd --expire root %end
(2)fedora-cloud-base.ks
# This is a basic Fedora 21 spin designed to work in OpenStack and other
# private cloud environments. It's configured with cloud-init so it will
# take advantage of ec2-compatible metadata services for provisioning ssh
# keys. Cloud-init creates a user account named "fedora" with passwordless
# sudo access. The root password is empty and locked by default.
#
# Note that unlike the standard F20 install, this p_w_picpath has /tmp on disk
# rather than in tmpfs, since memory is usually at a premium.
#
# This kickstart file is designed to be used with appliance-creator and
# may need slight modification for use with actual anaconda or other tools.
# We intend to target anaconda-in-a-vm style p_w_picpath building for F20.
**設置文本模式安裝**
text
**設置語言及編碼類型**
lang en_US.UTF-8
**設置鍵盤類型**
keyboard us
**設置日期顯示類型**
timezone --utc Etc/UTC
**設置系統驗證信息**
auth --useshadow --enablemd5
**設置SELinux爲強制模式**
selinux --enforcing
**鎖定root用戶密碼/root用戶密碼加密**
rootpw --lock --iscrypted locked
**添加一個名爲none的用戶**
user --name=none
**禁用防火牆**
firewall --disabled
**bootloader設置,待確認具體參數功能**
bootloader --timeout=1 --append="no_timer_check console=tty1 console=ttyS0,115200n8" --extlinux
**設置eth0網卡通過dhcp進行網絡參數配置,激活/啓用該網卡**
network --bootproto=dhcp --device=eth0 --activate --onboot=on
**設置這些服務隨系統啓動**
services --enabled=network,sshd,rsyslog,cloud-init,cloud-init-local,cloud-config,cloud-final
**清空mbr**
zerombr
**清空所有分區**
clearpart --all
**設置根分區大小爲3000M,格式化爲ext4文件系統**
part / --size 3000 --fstype ext4
**導入fedora-repo.ks文件,導入最新源信息,可註釋掉**
%include fedora-repo.ks
**系統安裝完後重啓**
reboot
**要安裝的包列表**
# Package list.
%packages
kernel-core(centos6.5無該包)
@core
grubby
# cloud-init does magical things with EC2 metadata, including provisioning
# a user account with ssh keys.
cloud-init(Cloud-init is a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts.)
# this is used by openstack's cloud orchestration framework (and it's small)
heat-cfntools(Tools required to be installed on Heat provisioned cloud instances)
# need this for growpart, because parted doesn't yet support resizepart
# https://bugzilla.redhat.com/show_bug.cgi?id=966993
cloud-utils-growpart(This package provides the growpart script for growing a partition. It is primarily used in cloud p_w_picpaths in conjunction with the dracut-modules-growroot package to grow the root partition on first boot.)
# We need this p_w_picpath to be portable; also, rescue mode isn't useful here.
dracut-config-generic(centos6.5無該軟件包)
-dracut-config-rescue
syslinux-extlinux(The EXTLINUX bootloader, for booting the local system, as well as all the SYSLINUX/PXELINUX modules in /boot.)
**需要初始安裝,後續會刪除**
# Needed initially, but removed below.
firewalld
**挑選的一些會用到的包**
# cherry-pick a few things from @standard
tar
rsync
**刪除@core包組中不需要的軟件包**
# Some things from @core we can do without in a minimal install
-biosdevname
-plymouth
-NetworkManager
-iprutils
-kbd
-uboot-tools
-kernel
-grub2
%end
%post --erroronfail
**爲EC2創建grub.conf文件**
# Create grub.conf for EC2. This used to be done by appliance creator but
# anaconda doesn't do it. And, in case appliance-creator is used, we're
# overriding it here so that both cases get the exact same file.
# Note that the console line is different -- that's because EC2 provides
# different virtual hardware, and this is a convenient way to act differently
echo -n "Creating grub.conf for pvgrub"
rootuuid=$( awk '$2=="/" { print $1 };' /etc/fstab )
mkdir /boot/grub
echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf
for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-// ); do
echo "title Fedora ($kv)" >> /boot/grub/grub.conf
echo -e "\troot (hd0)" >> /boot/grub/grub.conf
echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid no_timer_check console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf
echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf
echo
done
**爲ec2建立grub.conf的鏈接**
#link grub.conf to menu.lst for ec2 to work
echo -n "Linking menu.lst to old-style grub.conf for pv-grub"
ln -sf grub.conf /boot/grub/menu.lst
ln -sf /boot/grub/grub.conf /etc/grub.conf
**老版本的livecd-tools工具中沒有--lock,使用passwd鎖定root用戶密碼**
# older versions of livecd-tools do not follow "rootpw --lock" line above
# https://bugzilla.redhat.com/show_bug.cgi?id=964299
passwd -l root
# remove the user anaconda forces us to make
userdel -r none
**設置kickstart的超時時間爲1秒**
# Kickstart specifies timeout in seconds; syslinux uses 10ths.
# 0 means wait forever, so instead we'll go with 1.
sed -i 's/^timeout 10/timeout 1/' /boot/extlinux/extlinux.conf
**設置systemd在正確的運行級別啓動**
# setup systemd to boot to the right runlevel
echo -n "Setting default runlevel to multiuser text mode"
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
**如果你想刪除rsyslog,只使用journald,需要註釋掉這部分**
# If you want to remove rsyslog and just use journald, remove this!
echo -n "Disabling persistent journal"
rmdir /var/log/journal/
echo .
**刪除虛擬機中不需要的包linux-firmware**
# this is installed by default but we don't need it in virt
echo "Removing linux-firmware package."
yum -C -y remove linux-firmware
**刪除firewalld包**
# Remove firewalld; was supposed to be optional in F18+, but is required to
# be present for install/p_w_picpath building.
echo "Removing firewalld."
yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
**刪除其它的一些只在系統安裝時需要的包**
# Another one needed at install time but not after that, and it pulls
# in some unneeded deps (like, newt and slang)
echo "Removing authconfig."
yum -C -y remove authconfig --setopt="clean_requirements_on_remove=1"
**禁用串口控制檯**
echo -n "Getty fixes"
# although we want console output going to the serial console, we don't
# actually have the opportunity to login there. FIX.
# we don't really need to auto-spawn _any_ gettys.
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
**初始配置腳本需要這個文件**
echo -n "Network fixes"
# initscripts don't like this file to be missing.
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
**刪除udev中關於網卡的配置文件(文件中包含網卡的MAC信息,因此需要刪除)**
# For cloud p_w_picpaths, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
**eth0網卡的基本配置信息**
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT="yes"
EOF
**生成localhost域名解析信息**
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
**禁用將tmpfs掛載到/tmp**
# Because memory is scarce resource in most cloud/virt environments,
# and because this impedes forensics, we are differing from the Fedora
# default of having /tmp on tmpfs.
echo "Disabling tmpfs for /tmp."
systemctl mask tmp.mount
**確保firstboot不會在系統啓動時配置系統**
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# Uncomment this if you want to use cloud init but suppress the creation
# of an "ec2-user" account. This will, in the absence of further config,
# cause the ssh key from a metadata source to be put in the root account.
#cat <<EOF > /etc/cloud/cloud.cfg.d/50_suppress_ec2-user_use_root.cfg
#users: []
#disable_root: 0
#EOF
**刪除random-seed**
echo "Removing random-seed so it's not the same in every p_w_picpath."
rm -f /var/lib/random-seed
**清空yum源緩存數據**
echo "Cleaning old yum repodata."
yum history new
yum clean all
truncate -c -s 0 /var/log/yum.log
**導入RPM GPG key**
echo "Import RPM GPG key"
releasever=$(rpm -q --qf '%{version}\n' fedora-release)
basearch=$(uname -i)
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
**列出已經安裝的軟件包列表**
echo "Packages within this cloud p_w_picpath:"
echo "-----------------------------------------------------------------------"
rpm -qa
echo "-----------------------------------------------------------------------"
# Note that running rpm recreates the rpm db files which aren't needed/wanted
rm -f /var/lib/rpm/__db*
**修復SELinux上下文**
echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
chattr -i /boot/extlinux/ldlinux.sys
/usr/sbin/fixfiles -R -a restore
chattr +i /boot/extlinux/ldlinux.sys
**用0填充空餘空間**
echo "Zeroing out empty space."
# This forces the filesystem to reclaim space from deleted files
dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
rm -f /var/tmp/zeros
echo "(Don't worry -- that out-of-space error was expected.)"
%end(3)fedora-repo.ks(導入一些附加的repo源,該源最終會被註釋掉)
# Include the appropriate repo definitions # Exactly one of the following should be uncommented # For the master branch the following should be uncommented %include fedora-repo-rawhide.ks # For non-master branches the following should be uncommented # %include fedora-repo-not-rawhide.ks
(4)fedora-repo-rawhide.ks
repo --name=rawhide --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=$basearch
前一篇中提到make過程中,這些ks文件會被拼接到一起,最後生成一個名爲ovirt-appliance-fedora.ks的文件,該文件最終在虛擬機安裝時被調用。
#version=DEVEL
#repo --name="rawhide" --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
repo --name="updates" --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f19&arch=x86_64
# Keyboard layouts
keyboard 'us'# Shutdown after installation
shutdown
# Root password
rootpw --lock --plaintext none
# System timezone
timezone Etc/UTC --isUtc
# Use network installation
url --mirrorlist="http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-19&arch=x86_64"
# System language
lang en_US.UTF-8
user --name=none
user --groups=wheel --name=admin --password=none
# Firewall configuration
firewall --disabled
# Network information
network --activate
# System authorization information
auth --useshadow --enablemd5
# Use text mode install
# Run the Setup Agent on first boot
firstboot --reconfig --reconfig
# SELinux configuration
selinux --permissive
# System services
services --enabled="network,sshd,initial-setup-text,rsyslog,cloud-init,cloud-init-local,cloud-config,cloud-final"
# System bootloader configuration
bootloader --location=mbr --timeout=1
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all
# Disk partitioning information
part / --size 8000 --fstype ext4 --fsoptions discard
%post --erroronfail
# Create grub.conf for EC2. This used to be done by appliance creator but
# anaconda doesn't do it. And, in case appliance-creator is used, we're
# overriding it here so that both cases get the exact same file.
# Note that the console line is different -- that's because EC2 provides
# different virtual hardware, and this is a convenient way to act differently
echo -n "Creating grub.conf for pvgrub"
rootuuid=$( awk '$2=="/" { print $1 };' /etc/fstab )
mkdir /boot/grub
echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf
for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-// ); do
echo "title Fedora ($kv)" >> /boot/grub/grub.conf
echo -e "\troot (hd0)" >> /boot/grub/grub.conf
echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid no_timer_check console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf
echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf
echo
done
#link grub.conf to menu.lst for ec2 to work
echo -n "Linking menu.lst to old-style grub.conf for pv-grub"
ln -sf grub.conf /boot/grub/menu.lst
ln -sf /boot/grub/grub.conf /etc/grub.conf
# older versions of livecd-tools do not follow "rootpw --lock" line above
# https://bugzilla.redhat.com/show_bug.cgi?id=964299
passwd -l root
# remove the user anaconda forces us to make
userdel -r none
# Kickstart specifies timeout in seconds; syslinux uses 10ths.
# 0 means wait forever, so instead we'll go with 1.
sed -i 's/^timeout 10/timeout 1/' /boot/extlinux/extlinux.conf
# setup systemd to boot to the right runlevel
echo -n "Setting default runlevel to multiuser text mode"
#rm -f /etc/systemd/system/default.target
#ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .
# If you want to remove rsyslog and just use journald, remove this!
echo -n "Disabling persistent journal"
rmdir /var/log/journal/
echo .
# this is installed by default but we don't need it in virt
echo "Removing linux-firmware package."
#yum -C -y remove linux-firmware
# Remove firewalld; was supposed to be optional in F18+, but is required to
# be present for install/p_w_picpath building.
echo "Removing firewalld."
#yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
# Another one needed at install time but not after that, and it pulls
# in some unneeded deps (like, newt and slang)
echo "Removing authconfig."
#yum -C -y remove authconfig --setopt="clean_requirements_on_remove=1"
echo -n "Getty fixes"
# although we want console output going to the serial console, we don't
# actually have the opportunity to login there. FIX.
# we don't really need to auto-spawn _any_ gettys.
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf
echo -n "Network fixes"
# initscripts don't like this file to be missing.
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF
# For cloud p_w_picpaths, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
# simple eth0 config, again not hard-coded to the build hardware
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
PERSISTENT_DHCLIENT="yes"
EOF
# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
EOF
echo .
# Because memory is scarce resource in most cloud/virt environments,
# and because this impedes forensics, we are differing from the Fedora
# default of having /tmp on tmpfs.
echo "Disabling tmpfs for /tmp."
systemctl mask tmp.mount
# make sure firstboot doesn't start
#echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
# Uncomment this if you want to use cloud init but suppress the creation
# of an "ec2-user" account. This will, in the absence of further config,
# cause the ssh key from a metadata source to be put in the root account.
#cat <<EOF > /etc/cloud/cloud.cfg.d/50_suppress_ec2-user_use_root.cfg
#users: []
#disable_root: 0
#EOF
echo "Removing random-seed so it's not the same in every p_w_picpath."
rm -f /var/lib/random-seed
echo "Cleaning old yum repodata."
yum history new
yum clean all
truncate -c -s 0 /var/log/yum.log
echo "Import RPM GPG key"
releasever=$(rpm -q --qf '%{version}\n' fedora-release)
basearch=$(uname -i)
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-19-x86_64
echo "Packages within this cloud p_w_picpath:"
echo "-----------------------------------------------------------------------"
rpm -qa
echo "-----------------------------------------------------------------------"
# Note that running rpm recreates the rpm db files which aren't needed/wanted
rm -f /var/lib/rpm/__db*
echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
chattr -i /boot/extlinux/ldlinux.sys
/usr/sbin/fixfiles -R -a restore
chattr +i /boot/extlinux/ldlinux.sys
echo "Zeroing out empty space."
# This forces the filesystem to reclaim space from deleted files
dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
rm -f /var/tmp/zeros
echo "(Don't worry -- that out-of-space error was expected.)"
%end
%post --erroronfail
#
echo "Preparing initial-setup"
#
yum install -y initial-setup plymouth
touch /etc/reconfigSys
systemctl enable initial-setup-text.service
systemctl disable initial-setup-graphical.service
# Default tty is ttyS0, to display initial-setup on tty0 we need to set this explicitly
sed -i \
-e "/^StandardOutput/ a TTYPath=/dev/tty0" \
-e "/^Description/ a Before=cloud-init-local.service cloud-init.service" \
/usr/lib/systemd/system/initial-setup-text.service
%end
%post --erroronfail
#
echo "Pre-Installing oVirt stuff"
#
yum install -y http://resources.ovirt.org/pub/yum-repo/ovirt-release35.rpm
yum install -y ovirt-engine ovirt-guest-agent
#
echo "Creating a partial answer file"
#
cat > /root/ovirt-engine-answers <<__EOF__
[environment:default]
OVESETUP_CORE/engineStop=none:None
OVESETUP_DIALOG/confirmSettings=bool:True
OVESETUP_DB/database=str:engine
OVESETUP_DB/fixDbViolations=none:None
OVESETUP_DB/secured=bool:False
OVESETUP_DB/securedHostValidation=bool:False
OVESETUP_DB/host=str:localhost
OVESETUP_DB/user=str:engine
OVESETUP_DB/port=int:5432
OVESETUP_SYSTEM/nfsConfigEnabled=bool:False
OVESETUP_CONFIG/applicationMode=str:virt
OVESETUP_CONFIG/firewallManager=str:firewalld
OVESETUP_CONFIG/websocketProxyConfig=none:True
OVESETUP_CONFIG/storageType=str:nfs
OVESETUP_PROVISIONING/postgresProvisioningEnabled=bool:True
OVESETUP_APACHE/configureRootRedirection=bool:True
OVESETUP_APACHE/configureSsl=bool:True
OSETUP_RPMDISTRO/requireRollback=none:None
OSETUP_RPMDISTRO/enableUpgrade=none:None
__EOF__
%end
%post --erroronfail
#
echo "Enabling sudo for wheels"
#
sed -i "/%wheel.*NOPASSWD/ s/^#//" /etc/sudoers
passwd --delete root
passwd --expire root
%end
%packages --ignoremissing
@core
cloud-init
cloud-utils-growpart
dracut-config-generic
dracut-modules-growroot
firewalld
grubby
heat-cfntools
initial-setup
kernel-core
rsync
syslinux-extlinux
tar
%end