From efa4233289891eaf15863e981a2de7605f6af8fd Mon Sep 17 00:00:00 2001
From: "Stephen A. Zarkos"
Date: Tue, 12 Jun 2018 12:37:03 -0700
Subject: [PATCH] Merge kickstart config for Azure
---
cloudimg/CentOS-7-x86_64-Azure.ks | 226 ++++++++++++++++--------------
1 file changed, 123 insertions(+), 103 deletions(-)
diff --git a/cloudimg/CentOS-7-x86_64-Azure.ks b/cloudimg/CentOS-7-x86_64-Azure.ks
index e935f7d..7e59b5e 100644
--- a/cloudimg/CentOS-7-x86_64-Azure.ks
+++ b/cloudimg/CentOS-7-x86_64-Azure.ks
@@ -1,78 +1,90 @@ +# Kickstart for creating a CentOS 7 Azure VM + +# System authorization information auth --enableshadow --passalgo=sha512 -reboot -url --url="mirror.centos.org/centos/7/os/x86_64" -firewall --enabled --service=ssh + +# Use text install +text + +# Do not run the Setup Agent on first boot firstboot --disable -ignoredisk --only-use=vda + +# Keyboard layouts keyboard --vckeymap=us --xlayouts='us' + # System language lang en_US.UTF-8 + +# Network information +network --bootproto=dhcp +network --hostname=localhost.localdomain +firewall --enabled --service=ssh + +# Use network installation +url --url="mirror.centos.org/centos/7/os/x86_64" repo --name "os" --baseurl="http://mirror.centos.org/centos/7/os/x86_64/" --cost=100 repo --name "updates" --baseurl="http://mirror.centos.org/centos/7/updates/x86_64/" --cost=100 repo --name "extras" --baseurl="http://mirror.centos.org/centos/7/extras/x86_64/" --cost=100 -# Network information -network --bootproto=dhcp -network --hostname=localhost.localdomain + # Root password -rootpw --iscrypted thereisnopasswordanditslocked +rootpw --plaintext "to_be_disabled" selinux --enforcing -services --disabled="kdump" --enabled="network,sshd,rsyslog,chronyd" -timezone UTC --isUtc -# Disk -bootloader --append="console=tty0" --location=mbr --timeout=1 --boot-drive=vda + +# System services +services --disabled="kdump,abrtd" --enabled="network,sshd,rsyslog,chronyd,waagent,dnsmasq,NetworkManager" +%addon com_redhat_kdump --disable +%end + +# System timezone +timezone Etc/UTC --isUtc + +# Disk partitioning information zerombr -clearpart --all --initlabel -part / --fstype="xfs" --ondisk=vda --size=4096 --grow +clearpart --all --initlabel +part /boot --fstype="xfs" --size=500 +part / --fstype="xfs" --size=1 --grow --asprimary -%post --erroronfail -passwd -d root -passwd -l root +# System bootloader configuration +bootloader --append="console=tty0" --location=mbr --timeout=1 -# setup systemd to boot to the right runlevel -rm -f 
/etc/systemd/system/default.target -ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target +# Don't configure X +skipx -yum -C -y remove linux-firmware +# Power down the machine after install +poweroff -# Remove firewalld; it is required to be present for install/image building. -# but we dont ship it in cloud -yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1" -yum -C -y remove avahi\* Network\* -sed -i '/^#NAutoVTs=.*/ a\ -NAutoVTs=0' /etc/systemd/logind.conf -cat > /etc/sysconfig/network << EOF -NETWORKING=yes -NOZEROCONF=yes -EOF +%packages +@base +@console-internet +chrony +cifs-utils +sudo +python-pyasn1 +parted +WALinuxAgent +hypervkvpd +-dracut-config-rescue +%end -rm -f /etc/udev/rules.d/70* -ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules -# simple eth0 config, again not hard-coded to the build hardware -cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF -DEVICE="eth0" -BOOTPROTO="dhcp" -ONBOOT="yes" -TYPE="Ethernet" -USERCTL="yes" -PEERDNS="yes" -IPV6INIT="no" -PERSISTENT_DHCLIENT="1" -EOF +%post --erroronfail --log=/var/log/anaconda/post-install.log +#!/bin/bash -echo "virtual-guest" > /etc/tuned/active_profile +usermod root -p '!!' -# generic localhost names -cat > /etc/hosts << EOF -127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 -::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 +# setup systemd to boot to the right runlevel +rm -f /etc/systemd/system/default.target +ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target -EOF -echo . 
+# Set the kernel cmdline +sed -i 's/^\(GRUB_CMDLINE_LINUX\)=".*"$/\1="console=tty1 console=ttyS0,115200n8 earlyprintk=ttyS0,115200 rootdelay=300 net.ifnames=0"/g' /etc/default/grub -systemctl mask tmp.mount +# Enable grub serial console +echo 'GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"' >> /etc/default/grub +sed -i 's/^GRUB_TERMINAL_OUTPUT=".*"$/GRUB_TERMINAL="serial console"/g' /etc/default/grub +# Set default kernel cat < /etc/sysconfig/kernel # UPDATEDEFAULT specifies if new-kernel-pkg should make # new kernels the default 
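Review bot: The new `rootpw --plaintext "to_be_disabled"` line gives root a known, valid password for the whole install, and the only thing that removes it is the unchecked `usermod root -p '!!'` at the top of %post. `--erroronfail` acts on the script's exit status, and without `set -e` that is presumably the status of the last command, so a failed `usermod` would not stop the image build; the same applies to the `grub2-mkconfig`, `dracut` and `rpm --import` calls in the second hunk. I would lock the account in the directive itself with `rootpw --lock --plaintext "to_be_disabled"` and start the script with `set -e`, or at minimum write `usermod root -p '!!' || exit 1`. The %post section continues into the next hunk, so the rest of the script is not visible here.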
@@ -82,73 +94,81 @@ UPDATEDEFAULT=yes DEFAULTKERNEL=kernel EOL -# make sure firstboot doesn't start -echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot +# Rebuild grub.cfg +grub2-mkconfig -o /boot/grub2/grub.cfg + +# Ensure Hyper-V drivers are built into initramfs +echo -e "\nadd_drivers+=\"hv_vmbus hv_netvsc hv_storvsc\"" >> /etc/dracut.conf +kversion=$( rpm -q kernel | sed 's/kernel\-//' ) +dracut -v -f "/boot/initramfs-${kversion}.img" "$kversion" + +# Import CentOS public key +rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 + +# Enable SSH keepalive +sed -i 's/^#\(ClientAliveInterval\).*$/\1 180/g' /etc/ssh/sshd_config + +# Configure network +cat << EOF > /etc/sysconfig/network-scripts/ifcfg-eth0 +DEVICE=eth0 +ONBOOT=yes +BOOTPROTO=dhcp +TYPE=Ethernet +USERCTL=no +PEERDNS=yes +IPV6INIT=no +NM_CONTROLLED=no +PERSISTENT_DHCLIENT=yes +EOF -yum clean all +cat << EOF > /etc/sysconfig/network +NETWORKING=yes +NOZEROCONF=yes +HOSTNAME=localhost.localdomain +EOF -# XXX instance type markers - MUST match CentOS Infra expectation -echo 'azure' > /etc/yum/vars/infra -# chance dhcp client retry/timeouts to resolve #6866 +# Disable persistent net rules +rm -f /etc/udev/rules.d/70* 2>/dev/null +ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules + +# Disable NetworkManager handling of the SRIOV interfaces +cat < /etc/udev/rules.d/68-azure-sriov-nm-unmanaged.rules +# Accelerated Networking on Azure exposes a new SRIOV interface to the VM. +# This interface is transparently bonded to the synthetic interface, +# so NetworkManager should just ignore any SRIOV interfaces. +SUBSYSTEM=="net", DRIVERS=="hv_pci", ACTION=="add", ENV{NM_UNMANAGED}="1" + +EOF + +# Change dhcp client retry/timeouts to resolve #6866 cat >> /etc/dhcp/dhclient.conf << EOF timeout 300; retry 60; EOF +# Blacklist the nouveau driver as it is incompatible +# with Azure GPU instances. 
+cat << EOF > /etc/modprobe.d/blacklist-nouveau.conf +blacklist nouveau +options nouveau modeset=0 +EOF + echo "Fixing SELinux contexts." touch /var/log/cron touch /var/log/boot.log mkdir -p /var/cache/yum /usr/sbin/fixfiles -R -a restore -# reorder console entries -sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg +# Modify yum, clean cache +echo "http_caching=packages" >> /etc/yum.conf +yum clean all -%end +# XXX instance type markers - MUST match CentOS Infra expectation +echo 'azure' > /etc/yum/vars/infra -%packages -@core -chrony -WALinuxAgent -dracut-config-generic -dracut-norescue -firewalld -grub2 -kernel -nfs-utils -rsync -tar -yum-utils --NetworkManager --aic94xx-firmware --alsa-firmware --alsa-lib --alsa-tools-firmware --biosdevname --iprutils --ivtv-firmware --iwl100-firmware --iwl1000-firmware --iwl105-firmware --iwl135-firmware --iwl2000-firmware --iwl2030-firmware --iwl3160-firmware --iwl3945-firmware --iwl4965-firmware --iwl5000-firmware --iwl5150-firmware --iwl6000-firmware --iwl6000g2a-firmware --iwl6000g2b-firmware --iwl6050-firmware --iwl7260-firmware --libertas-sd8686-firmware --libertas-sd8787-firmware --libertas-usb8388-firmware --plymouth +# Set tuned profile +echo "virtual-guest" > /etc/tuned/active_profile %end -
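Review bot: `kversion=$( rpm -q kernel | sed 's/kernel\-//' )` assumes exactly one kernel package is installed. If the transaction ever leaves two, `$kversion` holds two lines and `dracut -v -f` is handed a path and version that do not exist, so the Hyper-V drivers may be missing from the initramfs that actually boots. Picking one version explicitly, e.g. `kversion=$(rpm -q --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' kernel | sort -V | tail -n 1)`, and checking `[ -e "/boot/vmlinuz-${kversion}" ] || exit 1` before the dracut call would surface that at build time. Separately, the `sed` on `/etc/ssh/sshd_config` only rewrites a commented-out `#ClientAliveInterval` line, which deserves a comment such as `# no-op if ClientAliveInterval is already set or absent`.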