container/container-medium-19.ks | 1 -
container/container-medium-20.ks | 1 -
container/container-small-19.ks | 1 -
container/container-small-20.ks | 1 -
generic/fedora-20-cloud.ks | 34 +++-------------------------------
5 files changed, 3 insertions(+), 35 deletions(-)

New commits:
commit c7464dd3d99f03049708c4fbd3e280c53ac60a74
Author: Matthew Miller <mattdm@xxxxxxxxxx>
Date: Wed Oct 23 13:53:52 2013 -0400

make / smaller so it will at least launch in openstack tiny instances. (note that in most cases growpart will take care of expanding this as approprate)

diff --git a/generic/fedora-20-cloud.ks b/generic/fedora-20-cloud.ks
index c0b986e..40e764d 100644
--- a/generic/fedora-20-cloud.ks
+++ b/generic/fedora-20-cloud.ks
@@ -29,7 +29,7 @@ services --enabled=network,sshd,rsyslog,cloud-init,cloud-init-local,cloud-config
 zerombr
 clearpart --all
-part / --size 2048 --fstype ext4
+part / --size 1000 --fstype ext4
 # Repositories
 repo --name=fedora --mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-20&arch=$basearch
commit 211981ef0dcdc0a2e3992e15f15b3fdf25ea0e20
Author: Matthew Miller <mattdm@xxxxxxxxxx>
Date: Wed Oct 23 13:50:28 2013 -0400

by popular demand, disable the iptables firewall entirely.

diff --git a/generic/fedora-20-cloud.ks b/generic/fedora-20-cloud.ks
index 2c9294e..c0b986e 100644
--- a/generic/fedora-20-cloud.ks
+++ b/generic/fedora-20-cloud.ks
@@ -19,14 +19,12 @@ auth --useshadow --enablemd5
 selinux --enforcing
 rootpw --lock --iscrypted locked
-# this is actually not used, but a static firewall
-# matching these rules is generated below.
-firewall --service=ssh
+firewall --disabled
 bootloader --timeout=1 --append="console=ttyS0,115200n8 console=tty0" extlinux
 network --bootproto=dhcp --device=eth0 --onboot=on
-services --enabled=network,sshd,rsyslog,iptables,cloud-init,cloud-init-local,cloud-config,cloud-final
+services --enabled=network,sshd,rsyslog,cloud-init,cloud-init-local,cloud-config,cloud-final
 zerombr
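Review bot: `firewall --disabled`, together with dropping `iptables` from the `services --enabled=` list, leaves the image with no host-level packet filter, and nothing in the new kickstart says that inbound filtering is now delegated entirely to the cloud provider's security groups. The two later hunks of this commit also delete the `iptables-services` package and the static `/etc/sysconfig/iptables` rule set (SSH allowed, everything else rejected), so an instance launched into a permissive or misconfigured security group would expose every listening service. I would keep a comment above the directive so image consumers know the trade-off, for example `# No host firewall: inbound filtering relies on the cloud security groups; add iptables-services or firewalld if you need one.`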
@@ -69,10 +67,6 @@ syslinux-extlinux
 # Needed initially, but removed below.
 firewalld
-# Basic firewall. If you're going to rely on your cloud service's
-# security groups you can remove this.
-iptables-services
-
 # cherry-pick a few things from @standard
 tar
 rsync
@@ -141,28 +135,6 @@ yum -C -y remove linux-firmware
 echo "Removing firewalld."
 yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
-# Non-firewalld-firewall
-echo -n "Writing static firewall"
-cat <<EOF > /etc/sysconfig/iptables
-# Simple static firewall loaded by iptables.service. Replace
-# this with your own custom rules, run lokkit, or switch to
-# shorewall or firewalld as your needs dictate.
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
--A INPUT -p icmp -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
-#-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 80 -j ACCEPT
-#-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 443 -j ACCEPT
--A INPUT -j REJECT --reject-with icmp-host-prohibited
--A FORWARD -j REJECT --reject-with icmp-host-prohibited
-COMMIT
-EOF
-echo .
-
 # Another one needed at install time but not after that, and it pulls
 # in some unneeded deps (like, newt and slang)
 echo "Removing authconfig."
commit a8d12254e33bd998bc6ad285c6b956917159e833
Author: Matthew Miller <mattdm@xxxxxxxxxx>
Date: Tue Oct 22 12:34:26 2013 -0400

uh, don't create device file that i will then be just removing.

diff --git a/container/container-medium-19.ks b/container/container-medium-19.ks
index 44df6f4..484fb50 100644
--- a/container/container-medium-19.ks
+++ b/container/container-medium-19.ks
@@ -67,7 +67,6 @@ echo .
 # create devices which appliance-creator does not
 ln -s /proc/kcore /dev/core
-mknod -m 600 /dev/console c 5 1
 mknod -m 660 /dev/loop0 b 7 0
 mknod -m 660 /dev/loop1 b 7 1
 rm -rf /dev/console
diff --git a/container/container-medium-20.ks b/container/container-medium-20.ks
index a644264..05cd1b2 100644
--- a/container/container-medium-20.ks
+++ b/container/container-medium-20.ks
@@ -68,7 +68,6 @@ echo .
 # create devices which appliance-creator does not
 ln -s /proc/kcore /dev/core
-mknod -m 600 /dev/console c 5 1
 mknod -m 660 /dev/loop0 b 7 0
 mknod -m 660 /dev/loop1 b 7 1
 rm -rf /dev/console
diff --git a/container/container-small-19.ks b/container/container-small-19.ks
index 3fcd63d..5273bac 100644
--- a/container/container-small-19.ks
+++ b/container/container-small-19.ks
@@ -61,7 +61,6 @@ echo .
 # create devices which appliance-creator does not
 ln -s /proc/kcore /dev/core
-mknod -m 600 /dev/console c 5 1
 mknod -m 660 /dev/loop0 b 7 0
 mknod -m 660 /dev/loop1 b 7 1
 rm -rf /dev/console
diff --git a/container/container-small-20.ks b/container/container-small-20.ks
index bc44013..4cfad1a 100644
--- a/container/container-small-20.ks
+++ b/container/container-small-20.ks
@@ -61,7 +61,6 @@ echo .
 # create devices which appliance-creator does not
 ln -s /proc/kcore /dev/core
-mknod -m 600 /dev/console c 5 1
 mknod -m 660 /dev/loop0 b 7 0
 mknod -m 660 /dev/loop1 b 7 1
 rm -rf /dev/console
_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct