openSUSE Autoinstall

Download

autoinstall@lists.opensuse.org

February 2022

4 participants
1 discussions

AutoYaST - Is there a way to specify the LSM to use in the autoinst.xml control file?
by Jinesh Choksi 07 Feb '22

07 Feb '22

I've created an AutoYaST control file (autoinst.xml) which installs an openSUSE Tumbleweed system for use as a Virtual Machine OS. There are three issues I've not been able to fing a solution/workaround for: 1. There doesn't seem to be a way to specify which Linux Security Module is selected via autoinst.xml. This means that my attempts to remove apparmor related patterns / packages fail and it requires manual intervention. As far as I can tell, the LSM is specified in the control.xml file in the openSUSE installation media's /x86_64/openSUSE-release-*.rpm package and I don't know how I can override it. 2. After looking at examples on how to prompt the user for a hostname, I believe I've configured the control file correctly but it never sets the machine's hostname to the value the user provides. It always sets it to the literal value of the <hostname>...</hostname> tag. Does anyone see anything wrong with the control file? <?xml version="1.0"?> <!DOCTYPE profile> <profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns"> <add-on t="map"> <add_on_others t="list"> <listentry t="map"> <alias>download.opensuse.org-oss</alias> <media_url>https://mirrorcache-eu.opensuse.org/tumbleweed/repo/oss/</media_url> <name>Main Repository (OSS)</name> <priority t="integer">99</priority> <product_dir>/</product_dir> </listentry> <listentry t="map"> <alias>download.opensuse.org-non-oss</alias> <media_url>https://mirrorcache-eu.opensuse.org/tumbleweed/repo/non-oss/</media_url> <name>Main Repository (NON-OSS)</name> <priority t="integer">99</priority> <product_dir>/</product_dir> </listentry> <listentry t="map"> <alias>download.opensuse.org-tumbleweed</alias> <media_url>https://mirrorcache-eu.opensuse.org/update/tumbleweed/</media_url> <name>Main Update Repository</name> <priority t="integer">99</priority> <product_dir>/</product_dir> </listentry> </add_on_others> </add-on> <bootloader t="map"> <global t="map"> <append>mitigations=auto loglevel=4 systemd.log_level=warning udev.log_level=warning</append> <cpu_mitigations>auto</cpu_mitigations> <hiddenmenu>false</hiddenmenu> <os_prober>false</os_prober> <secure_boot>true</secure_boot> <terminal>console</terminal> <timeout t="integer">10</timeout> </global> <loader_type>grub2-efi</loader_type> </bootloader> <general t="map"> <ask-list t="list"> <ask> <pathlist t="list"> <path>networking,dns,hostname</path> </pathlist> <question>Enter a FQDN Hostname (Long Format) for this machine</question> <stage>initial</stage> <default>localhost.localdomain</default> <help>Provide a fully qualified hostname for this machine.</help> <title>Hostname</title> <type>string</type> </ask> </ask-list> <semi-automatic t="list"> <semi-automatic_entry>networking</semi-automatic_entry> <semi-automatic_entry>partitioning</semi-automatic_entry> </semi-automatic> <mode t="map"> <confirm t="boolean">true</confirm> <second_stage t="boolean">false</second_stage> </mode> </general> <groups t="list"> <group t="map"> <encrypted t="boolean">true</encrypted> <gid>100</gid> <group_password>x</group_password> <groupname>users</groupname> <userlist/> </group> <group t="map"> <encrypted t="boolean">true</encrypted> <gid>0</gid> <group_password>x</group_password> <groupname>root</groupname> <userlist/> </group> </groups> <host t="map"> <hosts t="list"> <hosts_entry t="map"> <host_address>127.0.0.1</host_address> <names t="list"> <name>localhost</name> <name>localhost.localdomain</name> </names> </hosts_entry> <hosts_entry t="map"> <host_address>::1</host_address> <names t="list"> <name>localhost ipv6-localhost ipv6-loopback</name> </names> </hosts_entry> <hosts_entry t="map"> <host_address>fe00::0</host_address> <names t="list"> <name>ipv6-localnet</name> </names> </hosts_entry> <hosts_entry t="map"> <host_address>ff00::0</host_address> <names t="list"> <name>ipv6-mcastprefix</name> </names> </hosts_entry> <hosts_entry t="map"> <host_address>ff02::1</host_address> <names t="list"> <name>ipv6-allnodes</name> </names> </hosts_entry> <hosts_entry t="map"> <host_address>ff02::2</host_address> <names t="list"> <name>ipv6-allrouters</name> </names> </hosts_entry> <hosts_entry t="map"> <host_address>ff02::3</host_address> <names t="list"> <name>ipv6-allhosts</name> </names> </hosts_entry> </hosts> </host> <language t="map"> <language>en_GB</language> <languages>en_GB</languages> </language> <networking t="map"> <dns t="map"> <hostname>foo</hostname> <domain>bar</domain> <dhcp_hostname t="boolean">false</dhcp_hostname> <resolv_conf_policy>auto</resolv_conf_policy> </dns> <backend>wicked</backend> </networking> <services-manager t="map"> <default_target>multi-user</default_target> </services-manager> <software t="map"> <install_recommended t="boolean">true</install_recommended> <packages t="list">  <package>glibc-locale</package> <package>curl</package> </packages> <patterns t="list">  <pattern>base</pattern> <pattern>minimal_base</pattern> </patterns> <remove-packages t="list">  <package>adjtimex</package> <package>apparmor-abstractions</package> <package>augeas-lenses</package> <package>cpio-mt</package> <package>cracklib</package> <package>dmraid</package> <package>dnsmasq</package> <package>dump-rmt</package> <package>ibmtss-base</package> <package>irqbalance</package> <package>kernel-firmware-all</package> <package>kernel-firmware</package> <package>ModemManager</package> <package>mt-st</package> <package>numactl</package> <package>patterns-base-apparmor</package> <package>rp-pppoe</package> <package>schily-mt</package> <package>schily-rmt</package> <package>sg3_utils</package> <package>sound-theme-freedesktop</package> <package>tar-rmt</package> <package>ucode-amd</package> <package>ucode-intel</package> <package>zypper-lifecycle-plugin</package> </remove-packages> <remove-patterns t="list">  <pattern>apparmor</pattern> </remove-patterns> <products t="list"> <product>openSUSE</product> </products> </software> <timezone t="map"> <hwclock>UTC</hwclock> <timezone>Europe/London</timezone> </timezone> <keyboard> <keymap>english-uk</keymap> </keyboard> <user_defaults t="map"> <expire/> <group>100</group> <groups/> <home>/home</home> <inactive>-1</inactive> <no_groups t="boolean">true</no_groups> <shell>/bin/bash</shell> <skel>/etc/skel</skel> <umask>022</umask> </user_defaults> <users t="list"> <user t="map"> <authorized_keys t="list"/> <encrypted t="boolean">false</encrypted> <fullname>root</fullname> <gid>0</gid> <home>/root</home> <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> <password_settings t="map"> <expire/> <flag/> <inact/> <max/> <min/> <warn/> </password_settings> <shell>/bin/bash</shell> <uid>0</uid> <user_password>Passw0rd</user_password> <username>root</username> </user> </users> <scripts t="map">  <chroot-scripts t="list"> <script> <chrooted t="boolean">true</chrooted> <filename>chroot-post.sh</filename> <interpreter>/bin/bash -x</interpreter> <notification>Please wait while chroot-post.sh script is running...</notification> <source><![CDATA[#!/usr/bin/env bash echo "### Placeholder for things to configure:" ]]> </source> </script> </chroot-scripts> </scripts> </profile> 3. The following does not provide the user the ability to manually configure the network settings but they can configure customise the disk partitioning. Am I missing something? <semi-automatic t="list"> <semi-automatic_entry>networking</semi-automatic_entry> <semi-automatic_entry>partitioning</semi-automatic_entry> </semi-automatic> regards, Jinesh

4 7