Utility to bootstrap RHEL/CentOS/Rocky and Fedora systems
=========================================================
On Debian/Ubuntu there is the debootstrap(8) utility that takes a number of
parameters and installs packages for a selected release into a given directory,
which can later be used as a base system (chroot) for multiple purposes
(e.g. containers, NFS root, etc).

There is no similar tool (at least none known to me) for RHEL/Fedora systems.
This utility tries to fill that gap and provide functionality similar to
debootstrap(8), with some useful extra features.
Features
--------
o Bootstrap packages into a given directory based on the provided information
o Minimal installation support
o RHEL/CentOS/Rocky 7, 8 and 9 (including -stream) support
o Fedora 10+ support
o Install packages and configure the current system if no directory is given
o Profile support to select options, package groups and packages
o Preconfigured profiles for
  - Xorg, Xspice, Xrdp and x2go as X11 servers
  - XFCE and MATE as desktop environments, lightdm/sddm as DM
  - hypervisor host (libvirt + KVM; libvirt + XEN on CentOS 7 only)
  - text full (command line utilities and tools)
o Options to apply specific tuning
  - SELinux mode control (e.g. enforcing, permissive, disabled)
  - Add country code (cc) to the mirrorlist URL to restrict mirror choice
    by yum(8)/dnf(8) to certain countries (e.g. US, UA, BY, etc)
  - NFS root (build generic initramfs, symlink it and vmlinuz to the
    filesystem root similar to Debian/Ubuntu /initrd.img and /vmlinuz)
  - Read-only root support (make /etc writable through config)
  - Libvirt sockets and authentication control; user to run the qemu
    system instance; enable/disable nested KVM
  - Enable/disable certain repos (e.g. EPEL, ELrepo, RPMfusion, etc)
    and install profile-selected packages from them (e.g. vlc)
  - Helpers to create an automatic password for a given user (e.g. root)
    on each boot. Useful for multiple NFS read-only root instances
    with SSH enabled
  - Enable serial console in GRUB2 and kernels
  - Modify /etc/issue, /etc/issue.net and /etc/motd
  - Control zswap.enabled=1 and nosmt kernel command line parameters
o Build reproducibility by storing the utility itself together with the profile
  file and a run.sh wrapper holding the command line options in /.rhbootstrap
Requirements
------------
The build host requires RHEL/CentOS/Rocky 8 or above, a POSIX-like shell (e.g.
bash or dash) and a set of common utilities (e.g. sed, ln, rm, etc) listed
in the Requires: tag in the utility.
Usage
-----
Usage: rhbootstrap.sh [options] [<install_root>]

Options and their defaults:

    --arch=x86_64
        System processor (CPU) architecture to install packages for.
        Only AMD64 (x86_64) is supported at the moment
    --releasever=9
        Supported RHEL/CentOS/Rocky/Fedora release version
    --install-langs=<all>
        (rpm) install localization files for the given languages (e.g. 'en:uk')
    --install-weak-deps, --no-install-weak-deps
        (rpm) install or skip packages' weak dependencies. Weak deps are
        deps that provide extended functionality to the installed package
        and are not mandatory for the package to work
    --nodocs
        (rpm) do not install documentation (i.e. the one in /usr/share/doc)
    --cc=<none>
        (yum) country code variable for the yum(8) repo mirrorlist URL
        to restrict selected mirrors to the given country
    --config=<none>
        File with packages and/or groups to install
    --minimal-install
        Shortcut to install only the base set of packages regardless of --config
    --no-repo-epel, --repo-epel
        Disable/enable the EPEL repository and selected packages from it
    --repo-elrepo, --no-repo-elrepo
        Enable/disable ELRepo and selected packages from it
    --repo-rpmfusion, --no-repo-rpmfusion
        Enable/disable RPM Fusion and selected packages from it
    --repo-virtio-win, --no-repo-virtio-win
        Enable/disable the VirtIO-Win repository and selected
        packages from it; ignored if the oVirt repository is enabled
    --repo-advanced-virtualization, --no-repo-advanced-virtualization
        Enable/disable the Advanced Virtualization repository and selected
        packages from it; ignored if the oVirt or OpenStack repository is enabled
    --repo-openstack, --no-repo-openstack
        Enable/disable the OpenStack repository and selected
        packages from it; ignored if the oVirt repository is enabled
    --repo-ovirt, --no-repo-ovirt
        Enable/disable the oVirt repository and selected packages
        from it; ignored if the OpenStack repository is enabled
    --repo-nfv-openvswitch, --no-repo-nfv-openvswitch
        Enable/disable the NFV-OpenvSwitch repository and selected packages
        from it; ignored if the OpenStack or oVirt repositories are enabled
    --nfs-root
        Prepare the bootstrapped system for use as NFS root and make the initramfs
        capable of network boot (e.g. via PXE); inhibits --minimal-install,
        makes --selinux=permissive if --readonly-root is given; omits
        boot loader (e.g. grub2 and shim) packages, adds dracut-generic-config
    --selinux=<unmodified>
        Configure the SELinux mode in /etc/sysconfig/selinux to one of the
        following values: enforcing, permissive or disabled
    --readonly-root
        Enable read-only root filesystem support via
        /etc/sysconfig/readonly-root $READONLY and other variables; enables
        --autopassword-root unless --passwordless-root is set
    --passwordless-root, --no-passwordless-root
        Make the root user passwordless to enable login without a password; remote
        logins via ssh to root will be unavailable (see the PermitEmptyPasswords
        option in sshd_config(8)); option --autopassword-root overrides it
    --autopassword-root, --no-autopassword-root
        Make the root user password autogenerated from /dev/urandom data
        on each system boot and shown by getty from /etc/issue on local
        (e.g. serial and/or virtual) consoles; enabled if --readonly-root
        is set and --passwordless-root is unset; enables remote logins via ssh
    --no-tmp-mount, --tmp-mount=25
        Mount /tmp as a regular filesystem or as tmpfs with size up to
        25% of system RAM. Valid value range is
        [10...50]
    --plymouth-theme=<none>
        Enable plymouth and select a theme
    --serial-console=<console=name,options|1>, --no-serial-console
        Enable/disable console on a serial line; if the value is 1 use default console
        settings (console=ttyS0,115200n8)
    --zswap-enabled, --no-zswap-enabled
        Add zswap.enabled=1 to the kernel command line options to enable the zSwap kernel
        memory management subsystem feature. This could improve overall system
        responsiveness on systems with high memory usage by delaying swap to disk;
        has no effect if grub2 is not installed (e.g. when --nfs-root is given)
    --nosmt, --no-nosmt
        Add nosmt to the kernel command line options to disable SMT (Hyper-Threading),
        which could be useful for some workloads as well as help to mitigate
        certain CPU bugs (e.g. l1tf); has no effect if grub2 is not installed
        (e.g. when --nfs-root is given)
    --login-banners, --no-login-banners
        Modify/keep login banners in /etc/issue, /etc/issue.net and /etc/motd,
        making them (e.g. /etc/issue) provide useful host information
        (e.g. IPv4 and IPv6 addresses matching the hostname) while hiding the kernel version
    --autorelabel
        Add .autorelabel to <install_root>, or to / if <install_root> is not given
    --nameservers=${nameservers:-<value>}, --no-nameservers
        Configure or do not configure resolv.conf with the specified nameserver(s)
    --nm-dnsmasq-split=${nm_dnsmasq_split:-<none>}, --no-nm-dnsmasq-split
        Configure or do not configure NetworkManager with DNS split. Available
        options are 1 with a dnsmasq(8) instance supervised by NetworkManager, 2
        with an external dnsmasq(8) instance and NetworkManager dispatcher hooks to
        manage split records in /run/dnsmasq.servers-file.
    --kvm-nested, --no-kvm-nested
        Enable/disable KVM nested virtualization via /etc/modprobe.d/kvm.conf.
        Will require a module (or system) reload to take effect.
    --libvirt-qemu-user=<unmodified>
        Update the user and group directives in /etc/libvirt/qemu.conf with the user
        name to run the qemu-kvm system instance as; the value is either a user name or
        an integer greater than or equal to zero, otherwise the default
        qemu is used
    --libvirt-unix-group=<unmodified>
        Local UNIX socket group ownership. Together with --libvirt-unix-ro-perms
        and --libvirt-unix-rw-perms controls the access type to libvirt sockets by
        users who are members of the specified group
    --libvirt-unix-ro-perms=<unmodified>
        Local UNIX read-only socket permissions. Used together with
        --libvirt-unix-group to restrict users who can access the libvirt R/O socket
    --libvirt-unix-rw-perms=<unmodified>
        Local UNIX read-write socket permissions. Used together with
        --libvirt-unix-group to restrict users who can access the libvirt R/W socket
    --libvirt-unix-auth-ro=<unmodified>
        Set the libvirt UNIX R/O socket authentication scheme to "none", "sasl"
        or "polkit" (default)
    --libvirt-unix-auth-rw=<unmodified>
        Set the libvirt UNIX R/W socket authentication scheme to "none", "sasl"
        or "polkit" (default)
    --force
        Force bootstrap and remove <install_root> if it already exists
    --no-build-info
        Do not add .rhbootstrap/ with build information to <install_root>;
        implied when no <install_root> is given
    --help, --usage
        This help/usage message
    --version
        This program version

If <install_root> is given, perform a chrooted installation into that directory.
Otherwise install into the system we are running on (default).
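Two of the options above, --selinux=<mode> and --nosmt/--zswap-enabled, come down to small idempotent edits of /etc/sysconfig/selinux and /etc/default/grub under the install root. The script below is an added example and not code from the rhbootstrap project; it shows how such edits can be done safely (unknown SELinux modes are rejected, a kernel parameter is never appended twice on a rerun) against a scratch install root, so it can be tried without touching the running host. File names, layout and sample contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the rhbootstrap project: the idempotent file
# edits that --selinux=<mode> and --nosmt/--zswap-enabled imply, applied to
# files under a scratch install root. Sample file contents are constructed.
set -eu

# selinux_set_mode FILE MODE
# Rewrite the SELINUX= line of a sysconfig/selinux style file. Only the three
# values the kernel understands are accepted; anything else is rejected so a
# typo cannot silently leave the policy in an unexpected state.
selinux_set_mode() {
    file="$1"; mode="$2"
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "selinux_set_mode: invalid mode '$mode'" >&2; return 1 ;;
    esac
    tmp=$(mktemp)
    if grep -q '^SELINUX=' "$file"; then
        sed "s/^SELINUX=.*/SELINUX=$mode/" "$file" >"$tmp"
    else
        cat "$file" >"$tmp"; printf 'SELINUX=%s\n' "$mode" >>"$tmp"
    fi
    mv "$tmp" "$file"
}

# grub_get_cmdline FILE -> contents of GRUB_CMDLINE_LINUX="..." (may be empty)
grub_get_cmdline() {
    sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)"$/\1/p' "$1" | tail -n 1
}

# grub_add_param FILE PARAM
# Append PARAM (e.g. nosmt, zswap.enabled=1) to GRUB_CMDLINE_LINUX exactly
# once; rerunning a bootstrap must not accumulate duplicates.
grub_add_param() {
    file="$1"; param="$2"
    grep -q '^GRUB_CMDLINE_LINUX=' "$file" || printf 'GRUB_CMDLINE_LINUX=""\n' >>"$file"
    cur=$(grub_get_cmdline "$file")
    for p in $cur; do
        if [ "$p" = "$param" ]; then return 0; fi    # already present
    done
    new="${cur:+$cur }$param"
    tmp=$(mktemp)
    sed "s|^GRUB_CMDLINE_LINUX=.*|GRUB_CMDLINE_LINUX=\"$new\"|" "$file" >"$tmp"
    mv "$tmp" "$file"
}

# Demonstration on a scratch install root (constructed files).
root=$(mktemp -d)
mkdir -p "$root/etc/sysconfig" "$root/etc/default"
printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' >"$root/etc/sysconfig/selinux"
printf 'GRUB_TIMEOUT=5\nGRUB_CMDLINE_LINUX="rhgb quiet"\n' >"$root/etc/default/grub"

selinux_set_mode "$root/etc/sysconfig/selinux" permissive
grub_add_param "$root/etc/default/grub" nosmt
grub_add_param "$root/etc/default/grub" zswap.enabled=1
grub_add_param "$root/etc/default/grub" nosmt          # no-op on rerun

echo "SELinux mode:   $(sed -n 's/^SELINUX=//p' "$root/etc/sysconfig/selinux")"
echo "Kernel cmdline: $(grub_get_cmdline "$root/etc/default/grub")"
rm -rf "$root"
```

As the usage text notes, the kernel command line edit only matters when grub2 is actually installed; with --nfs-root the parameters would have to go into the PXE/boot server configuration instead.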
Examples
--------
1. Build CentOS 8 read-only NFS root using the text-full profile

    root@localhost# ~/rhbootstrap/sh \
        --releasever 8 \
        --cc us \
        --config ~/rhbootstrap/conf.d/centos/8/text-full.nfs-root-readonly.conf

   or with options specified at the command line and --force to remove an existing one

    # ~/rhbootstrap/sh \
        --force \
        --releasever 8 \
        --cc us \
        --config ~/rhbootstrap/conf.d/centos/8/text-full.conf \
        --nfs-root \
        --readonly-root
2. Install CentOS 7 hypervisor host with libvirt and XEN (from Virt SIG)
   packages and apply a libvirt config that uses socket permissions only for
   authentication

    # ~/rhbootstrap/sh \
        --releasever 7 \
        --cc ua \
        --config ~/rhbootstrap/conf.d/centos/7/libvirt-xen.conf \
        --libvirt-qemu-user=qemu \
        --libvirt-unix-group=libvirt \
        --libvirt-unix-ro-perms=0777 \
        --libvirt-unix-rw-perms=0770 \
        --libvirt-unix-auth-ro=none \
        --libvirt-unix-auth-rw=none
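With --libvirt-unix-auth-rw=none as in example 2, membership of the --libvirt-unix-group group and the socket mode are the only things standing between a local user and full control of libvirt (and, since a domain can be defined with any host disk attached, of the host). The script below is an added example and not code from the rhbootstrap project: it reads the libvirtd.conf keys those options set (unix_sock_group, unix_sock_ro_perms, unix_sock_rw_perms, auth_unix_ro, auth_unix_rw) and reports when a no-auth R/W socket is reachable by "other", when its mode is left implicit, or when a no-auth R/O socket is world-readable. The sample configurations are constructed; the first one reproduces the settings example 2 writes.

```shell
#!/bin/sh
# Added example, not code from the rhbootstrap project: audit of the
# libvirtd.conf socket/auth keys written by the --libvirt-unix-* options.
# With auth_unix_rw = "none" the socket mode and group are the only access
# control, so the R/W socket must never be reachable by "other".
set -eu

# conf_get FILE KEY -> value of the last active `key = "value"` line, or empty
conf_get() {
    sed -n "s/^$2 *= *\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# perms_world_accessible MODE -> true when the "other" octal digit is non-zero
perms_world_accessible() {
    case "$1" in
        *[1-7]) return 0 ;;
        *) return 1 ;;
    esac
}

# libvirt_socket_audit FILE -> one line: "fail: ...", "warn: ...", "info: ..." or "ok"
libvirt_socket_audit() {
    f="$1"
    auth_rw=$(conf_get "$f" auth_unix_rw)
    rw_perms=$(conf_get "$f" unix_sock_rw_perms)
    auth_ro=$(conf_get "$f" auth_unix_ro)
    ro_perms=$(conf_get "$f" unix_sock_ro_perms)
    group=$(conf_get "$f" unix_sock_group)

    # R/W socket: whoever connects can define domains with arbitrary host
    # disks attached, i.e. is effectively root on the host.
    if [ "$auth_rw" = none ]; then
        if [ -z "$rw_perms" ]; then
            echo "warn: auth_unix_rw=none but unix_sock_rw_perms is not set explicitly"
            return 0
        fi
        if perms_world_accessible "$rw_perms"; then
            echo "fail: auth_unix_rw=none with R/W socket mode $rw_perms open to all local users"
            return 0
        fi
        if [ -z "$group" ] || [ "$group" = root ]; then
            echo "warn: auth_unix_rw=none with group ${group:-unset}; only root can use the R/W socket"
            return 0
        fi
    fi
    # R/O socket: cannot change anything, but with no auth and a world mode it
    # discloses domain names and XML (incl. disk paths) to every local user.
    if [ "$auth_ro" = none ] && [ -n "$ro_perms" ] && perms_world_accessible "$ro_perms"; then
        echo "info: auth_unix_ro=none with R/O socket mode $ro_perms readable by all local users"
        return 0
    fi
    echo ok
}

# Demonstration (constructed): the settings example 2 writes, and a variant
# that relaxes the R/W socket to 0777.
dir=$(mktemp -d)
cat >"$dir/as-documented.conf" <<'EOF'
unix_sock_group = "libvirt"
unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"
EOF
cat >"$dir/relaxed.conf" <<'EOF'
unix_sock_group = "libvirt"
unix_sock_rw_perms = "0777"
auth_unix_rw = "none"
EOF
for c in as-documented relaxed; do
    printf '%-15s %s\n' "$c:" "$(libvirt_socket_audit "$dir/$c.conf")"
done
rm -rf "$dir"
```

Run against the real /etc/libvirt/libvirtd.conf of a bootstrapped root (as-documented comes out as "info" because the R/O socket is world-readable, which is fine on a single-admin host but worth knowing), and treat any "fail" as a reason to re-run with a stricter --libvirt-unix-rw-perms or with --libvirt-unix-auth-rw=polkit.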
3. Install CentOS 7 development workstation with MATE desktop, libvirt
   and KVM EV (Enterprise Virtualization) from Virt SIG

    # ~/rhbootstrap/sh \
        --releasever 7 \
        --cc ua \
        --config ~/rhbootstrap/conf.d/centos/7/libvirt-kvm.xorg-desktop-mate.conf

4. Install CentOS 8 with XFCE desktop and x2go for a remote desktop experience

    # ~/rhbootstrap/sh \
        --releasever 8 \
        --cc us \
        --config ~/rhbootstrap/conf.d/centos/8/x2go-desktop-xfce.conf