From jinesh@onelittlehope.com Sun Feb 6 13:07:59 2022 From: Jinesh Choksi To: autoinstall@lists.opensuse.org Subject: AutoYaST - Is there a way to specify the LSM to use in the autoinst.xml control file? Date: Sun, 06 Feb 2022 13:07:56 +0000 Message-ID: <164415287670.23547.18118427784301107879@mailman3.infra.opensuse.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1943967049567648755==" --===============1943967049567648755== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable I've created an AutoYaST control file (autoinst.xml) which installs an openSU= SE Tumbleweed system for use as a Virtual Machine OS. There are three issues = I've not been able to fing a solution/workaround for: 1. There doesn't seem to be a way to specify which Linux Security Module is s= elected via autoinst.xml. This means that my attempts to remove apparmor rela= ted patterns / packages fail and it requires manual intervention. As far as I= can tell, the LSM is specified in the control.xml file in the openSUSE insta= llation media's /x86_64/openSUSE-release-*.rpm package and I don't know how I= can override it. 2. After looking at examples on how to prompt the user for a hostname, I beli= eve I've configured the control file correctly but it never sets the machine'= s hostname to the value the user provides. It always sets it to the literal v= alue of the ... tag. Does anyone see anything wrong with= the control file? download.opensuse.org-oss https://mirrorcache-eu.opensuse.org/tumbleweed/repo/os= s/ Main Repository (OSS) 99 / download.opensuse.org-non-oss https://mirrorcache-eu.opensuse.org/tumbleweed/repo/no= n-oss/ Main Repository (NON-OSS) 99 / download.opensuse.org-tumbleweed https://mirrorcache-eu.opensuse.org/update/tumbleweed/= Main Update Repository 99 / mitigations=3Dauto loglevel=3D4 systemd.log_level=3Dwarning= udev.log_level=3Dwarning auto false false true console 10 grub2-efi networking,dns,hostname Enter a FQDN Hostname (Long Format) for this machine initial localhost.localdomain Provide a fully qualified hostname for this machine. Hostname string networking partitioning true false true 100 x users true 0 x root 127.0.0.1 localhost localhost.localdomain ::1 localhost ipv6-localhost ipv6-loopback fe00::0 ipv6-localnet ff00::0 ipv6-mcastprefix ff02::1 ipv6-allnodes ff02::2 ipv6-allrouters ff02::3 ipv6-allhosts en_GB en_GB foo bar false auto wicked multi-user true glibc-locale curl base minimal_base adjtimex apparmor-abstractions augeas-lenses cpio-mt cracklib dmraid dnsmasq dump-rmt ibmtss-base irqbalance kernel-firmware-all kernel-firmware ModemManager mt-st numactl patterns-base-apparmor rp-pppoe schily-mt schily-rmt sg3_utils sound-theme-freedesktop tar-rmt ucode-amd ucode-intel zypper-lifecycle-plugin apparmor openSUSE UTC Europe/London english-uk 100 /home -1 true /bin/bash /etc/skel 022 false root 0 /root false /bin/bash 0 Passw0rd root 3. The following does not provide the user the ability to manually configure = the network settings but they can configure customise the disk partitioning. = Am I missing something? networking partitioning regards, Jinesh --===============1943967049567648755==-- From IGonzalezSosa@suse.com Mon Feb 7 12:12:40 2022 From: Imobach Gonzalez Sosa To: autoinstall@lists.opensuse.org Subject: Re: AutoYaST - Is there a way to specify the LSM to use in the autoinst.xml control file? Date: Mon, 07 Feb 2022 12:12:29 +0000 Message-ID: <8d21da72c37df43d2e0a27bd6978b79e2d76626e.camel@suse.com> In-Reply-To: <164415287670.23547.18118427784301107879@mailman3.infra.opensuse.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4879580901434887240==" --===============4879580901434887240== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit El dom, 06-02-2022 a las 13:07 +0000, Jinesh Choksi escribió: > I've created an AutoYaST control file (autoinst.xml) which installs > an openSUSE Tumbleweed system for use as a Virtual Machine OS. There > are three issues I've not been able to fing a solution/workaround > for: > Hi Jinesh, > 1. There doesn't seem to be a way to specify which Linux Security > Module is selected via autoinst.xml. This means that my attempts to > remove apparmor related patterns / packages fail and it requires > manual intervention. As far as I can tell, the LSM is specified in > the control.xml file in the openSUSE installation media's > /x86_64/openSUSE-release-*.rpm package and I don't know how I can > override it. > Good news! This feature was introduced recently :-). It is included in yast2-security 4.4.10, so it will be available in openSUSE Leap 15.4 and it is already available in the latest Tumbleweed version (20220204). The LSM is selected within the section: selinux You can select "selinux", "apparmor" and "none". The documentation is being updated. Of course, you might need to remove the apparmor patterns/packages from the software section. > 2. After looking at examples on how to prompt the user for a > hostname, I believe I've configured the control file correctly but it > never sets the machine's hostname to the value the user provides. It > always sets it to the literal value of the ... > tag. Does anyone see anything wrong with the control file? I can confirm this problem. I am having a look into it. > 3. The following does not provide the user the ability to manually > configure the network settings but they can configure customise the > disk partitioning. Am I missing something? > >     >       networking >       partitioning >     The networking client will not run in these situations: a) you already specified the interfaces configuration in the networking section of the AutoYaST profile. b) you are using NetworkManager. Now that we have basic support for NetworkManager, I would say that we should run the client *always*. In case we want to keep a), we need to improve the detection of such a situation (e.g., if your system is already connected to the network in order to read the AutoYaST profile, we consider the network as already configured -and perhaps we should not-). But maybe I am missing something. Knut/Michal, could you clarify? > regards, Regards, Imo -- Imobach González Sosa YaST Team at SUSE LLC https://imobachgs.github.io/ --===============4879580901434887240==-- From IGonzalezSosa@suse.com Mon Feb 7 12:22:25 2022 From: Imobach Gonzalez Sosa To: autoinstall@lists.opensuse.org Subject: Re: AutoYaST - Is there a way to specify the LSM to use in the autoinst.xml control file? Date: Mon, 07 Feb 2022 12:22:17 +0000 Message-ID: <01284224f99496eba356c879a6afa2540c6db289.camel@suse.com> In-Reply-To: <8d21da72c37df43d2e0a27bd6978b79e2d76626e.camel@suse.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4208632415244109056==" --===============4208632415244109056== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit El lun, 07-02-2022 a las 12:12 +0000, Imobach Gonzalez Sosa escribió: [..] > > 2. After looking at examples on how to prompt the user for a > > hostname, I believe I've configured the control file correctly but > > it > > never sets the machine's hostname to the value the user provides. > > It > > always sets it to the literal value of the ... > > tag. Does anyone see anything wrong with the control file? > > I can confirm this problem. I am having a look into it. > Finally, this one is a legit bug: https://bugzilla.suse.com/show_bug.cgi?id=1195630 Thanks for noticing! Regards, Imo -- Imobach González Sosa YaST Team at SUSE LLC https://imobachgs.github.io/ --===============4208632415244109056==-- From vetter@physik.uni-wuerzburg.de Mon Feb 7 13:41:18 2022 From: Andreas Vetter To: autoinstall@lists.opensuse.org Subject: Re: AutoYaST - Is there a way to specify the LSM to use in the autoinst.xml control file? Date: Mon, 07 Feb 2022 14:12:52 +0100 Message-ID: <5816697.lOV4Wx5bFT@wpyf128> In-Reply-To: <01284224f99496eba356c879a6afa2540c6db289.camel@suse.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3538244777059861406==" --===============3538244777059861406== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Montag, 7. Februar 2022 13:22:17 CET Imobach Gonzalez Sosa wrote: > El lun, 07-02-2022 a las 12:12 +0000, Imobach Gonzalez Sosa escribi=C3=B3: > > > 2. After looking at examples on how to prompt the user for a > > > hostname, I believe I've configured the control file correctly but > > > it > > > never sets the machine's hostname to the value the user provides. > > > It > > > always sets it to the literal value of the ... > > > tag. Does anyone see anything wrong with the control file? > >=20 > >=20 > > I can confirm this problem. I am having a look into it. > >=20 >=20 >=20 > Finally, this one is a legit bug: > https://bugzilla.suse.com/show_bug.cgi?id=3D1195630 It is non public: You are not authorized to access bug #1195630. To see this bug, you must firs= t=20 log in to an account with the appropriate permissions.=20 Can you please open it? --=20 Mit freundlichen Gruessen, Andreas Vetter --===============3538244777059861406==-- From ancor@suse.de Mon Feb 7 14:13:51 2022 From: Ancor Gonzalez Sosa To: autoinstall@lists.opensuse.org Subject: Re: AutoYaST - Is there a way to specify the LSM to use in the autoinst.xml control file? Date: Mon, 07 Feb 2022 15:13:45 +0100 Message-ID: <38d01a2f-8ffd-682a-2876-cc5816bc3745@suse.de> In-Reply-To: <5816697.lOV4Wx5bFT@wpyf128> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6280593559425176675==" --===============6280593559425176675== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On 2/7/22 14:12, Andreas Vetter wrote: > On Montag, 7. Februar 2022 13:22:17 CET Imobach Gonzalez Sosa wrote: >> El lun, 07-02-2022 a las 12:12 +0000, Imobach Gonzalez Sosa escribi=C3=B3: >=20 >>>> 2. After looking at examples on how to prompt the user for a >>>> hostname, I believe I've configured the control file correctly but >>>> it >>>> never sets the machine's hostname to the value the user provides. >>>> It >>>> always sets it to the literal value of the ... >>>> tag. Does anyone see anything wrong with the control file? >>> >>> >>> I can confirm this problem. I am having a look into it. >>> >> >> >> Finally, this one is a legit bug: >> https://bugzilla.suse.com/show_bug.cgi?id=3D1195630 >=20 > It is non public: > You are not authorized to access bug #1195630. To see this bug, you must fi= rst=20 > log in to an account with the appropriate permissions.=20 >=20 > Can you please open it? I moved it from the product "SLES-15-SP4" to the product "Public SLES-15-SP4". Please verify it's accessible now. Cheers. --=20 Ancor Gonz=C3=A1lez Sosa YaST Team at SUSE Software Solutions --===============6280593559425176675==-- From vetter@physik.uni-wuerzburg.de Mon Feb 7 15:41:04 2022 From: Andreas Vetter To: autoinstall@lists.opensuse.org Subject: Re: AutoYaST - Is there a way to specify the LSM to use in the autoinst.xml control file? Date: Mon, 07 Feb 2022 16:40:59 +0100 Message-ID: <2646761.mvXUDI8C0e@wpyf128> In-Reply-To: <38d01a2f-8ffd-682a-2876-cc5816bc3745@suse.de> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5138763995125789388==" --===============5138763995125789388== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit On Montag, 7. Februar 2022 15:13:45 CET Ancor Gonzalez Sosa wrote: > On 2/7/22 14:12, Andreas Vetter wrote: > > On Montag, 7. Februar 2022 13:22:17 CET Imobach Gonzalez Sosa wrote: > >> El lun, 07-02-2022 a las 12:12 +0000, Imobach Gonzalez Sosa escribió: > >>>> 2. After looking at examples on how to prompt the user for a > >>>> hostname, I believe I've configured the control file correctly but > >>>> it > >>>> never sets the machine's hostname to the value the user provides. > >>>> It > >>>> always sets it to the literal value of the ... > >>>> tag. Does anyone see anything wrong with the control file? > >>> > >>> I can confirm this problem. I am having a look into it. > >> > >> Finally, this one is a legit bug: > >> https://bugzilla.suse.com/show_bug.cgi?id=1195630 > > > > It is non public: > > You are not authorized to access bug #1195630. To see this bug, you must > > first log in to an account with the appropriate permissions. > > > > Can you please open it? > > I moved it from the product "SLES-15-SP4" to the product "Public > SLES-15-SP4". Please verify it's accessible now. > > Cheers. Thank you, it is open now. -- Mit freundlichen Gruessen, Andreas Vetter --===============5138763995125789388==-- From IGonzalezSosa@suse.com Mon Feb 7 16:52:40 2022 From: Imobach Gonzalez Sosa To: autoinstall@lists.opensuse.org Subject: Re: AutoYaST - Is there a way to specify the LSM to use in the autoinst.xml control file? Date: Mon, 07 Feb 2022 16:52:31 +0000 Message-ID: In-Reply-To: <01284224f99496eba356c879a6afa2540c6db289.camel@suse.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5726174436993210681==" --===============5726174436993210681== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit El lun, 07-02-2022 a las 12:22 +0000, Imobach Gonzalez Sosa escribió: > El lun, 07-02-2022 a las 12:12 +0000, Imobach Gonzalez Sosa escribió: > > > [..] > > > > 2. After looking at examples on how to prompt the user for a > > > hostname, I believe I've configured the control file correctly > > > but > > > it > > > never sets the machine's hostname to the value the user provides. > > > It > > > always sets it to the literal value of the > > > ... > > > tag. Does anyone see anything wrong with the control file? > > > > I can confirm this problem. I am having a look into it. > > > > Finally, this one is a legit bug: > https://bugzilla.suse.com/show_bug.cgi?id=1195630 Hi all, We have submitted a fix for the problems in points 2) and 3). When autoyast2 4.4.29 enters in Tumbleweed: * The hostname should be set correctly. * You should see the networking configuration module during installation. If you are in a hurry, you can get our packages from the YaST:Head repository[1] and build a Driver Update Disk to be used during installation: mkdud --create your.dud --dist tw --install instsys *.rpm Do not forget to include "autoyast2" and "autoyast2-installation" RPMs. Then, when booting the installation, you need to set the dud= boot option so AutoYaST can find the update. See SDB:Linuxrc[2] for further information. If you are not in a hurry, you could just wait for a few days until the fix is included 🙂 Do not hesitate to ask if you have more questions. Thanks! Regards, Imo [1] https://build.opensuse.org/package/show/YaST:Head/autoyast2 [2] https://en.opensuse.org/SDB:Linuxrc#p_dud -- Imobach González Sosa YaST Team at SUSE LLC https://imobachgs.github.io/ --===============5726174436993210681==-- From jinesh@onelittlehope.com Mon Feb 7 20:07:48 2022 From: Jinesh Choksi To: autoinstall@lists.opensuse.org Subject: Re: AutoYaST - Is there a way to specify the LSM to use in the autoinst.xml control file? Date: Mon, 07 Feb 2022 20:07:43 +0000 Message-ID: <164426446372.7016.1644820174753173718@mailman3.infra.opensuse.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4708407975504890909==" --===============4708407975504890909== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable > We have submitted a fix for the problems in points 2) and 3). When autoyast= 2 4.4.29 enters in Tumbleweed: Thank you very much for looking into the matter and resolving all three of my= issues. --===============4708407975504890909==--