Merge 550eb40 into 933fad9

Makefile

@@ -39,7 +39,7 @@ check:
 
 test:
 	@echo "*** Running tests ***"
-	PYTHONPATH=$(PYTHONPATH):./src/ $(PYTHON) -m nose -v --with-coverage --cover-erase --cover-branches \
+	PYTHONPATH=$(PYTHONPATH):./tests/rpmfluff/:./src/ $(PYTHON) -m nose -v --with-coverage --cover-erase --cover-branches \
 					--cover-package=pylorax --cover-inclusive \
 					./tests/pylorax/ ./tests/composer/
 

docs/lorax-composer.rst

@@ -175,11 +175,13 @@ for selecting optional packages.
 Customizations
 ~~~~~~~~~~~~~~
 
-The ``[[customizations]]`` section can be used to configure the hostname of the final image. eg.::
+The ``[customizations]`` section can be used to configure the hostname of the final image. eg.::
 
-    [[customizations]]
+    [customizations]
     hostname = "baseimage"
 
+This is optional and may be left out to use the defaults.
+
 
 [customizations.kernel]
 ***********************
@@ -244,6 +246,93 @@ Add a group to the image. ``name`` is required and ``gid`` is optional::
     gid = 1130
 
 
+[customizations.timezone]
+*************************
+
+Customizing the timezone and the NTP servers to use for the system::
+
+    [customizations.timezone]
+    timezone = "US/Eastern"
+    ntpservers = ["0.north-america.pool.ntp.org", "1.north-america.pool.ntp.org"]
+
+The values supported by ``timezone`` can be listed by running ``timedatectl list-timezones``.
+
+If no timezone is setup the system will default to using `UTC`. The ntp servers are also
+optional and will default to using the distribution defaults which are fine for most uses.
+
+In some image types there are already NTP servers setup, eg. Google cloud image, and they
+cannot be overridden because they are required to boot in the selected environment. But the
+timezone will be updated to the one selected in the blueprint.
+
+
+[customizations.locale]
+***********************
+
+Customize the locale settings for the system::
+
+    [customizations.locale]
+    languages = ["en_US.UTF-8"]
+    keyboards = ["us"]
+
+The values supported by ``languages`` can be listed by running ``localectl list-locales`` from
+the command line.
+
+The values supported by ``keyboards`` can be listed by running ``localectl list-keymaps`` from
+the command line.
+
+Multiple locale and keyboard sections can be listed. The first one becomes the
+primary, and the others are added as secondary. One or the other of ``languages``
+or ``keyboards`` must be included (or both).
+
+
+[customizations.firewall]
+*************************
+
+By default the firewall blocks all access except for services that enable their ports explicitly,
+like ``sshd``. This command can be used to open other ports or services. Ports are configured using
+the port:protocol format::
+
+    [customizations.firewall]
+    ports = ["22:tcp", "80:tcp", "imap:tcp", "53:tcp", "53:udp"]
+
+Numeric ports, or their names from ``/etc/services`` can be used in the ``ports`` enabled/disabled lists.
+
+The blueprint settings extend any existing settings in the image templates, so if ``sshd`` is
+already enabled it will extend the list of ports with the ones listed by the blueprint.
+
+If the distribution uses ``firewalld`` you can specify services listed by ``firewall-cmd --get-services``
+in a ``customizations.firewall.services`` section::
+
+    [customizations.firewall.services]
+    enabled = ["ftp", "ntp", "dhcp"]
+    disabled = ["telnet"]
+
+Remember that the ``firewall.services`` are different from the names in ``/etc/services``.
+
+Both are optional, if they are not used leave them out or set them to an empty list ``[]``. If you
+only want the default firewall setup this section can be omitted from the blueprint.
+
+NOTE: The ``Google`` and ``OpenStack`` templates explicitly disable the firewall for their environment.
+This cannot be overridden by the blueprint.
+
+[customizations.services]
+*************************
+
+This section can be used to control which services are enabled at boot time.
+Some image types already have services enabled or disabled in order for the
+image to work correctly, and cannot be overridden. eg. ``ami`` requires
+``sshd``, ``chronyd``, and ``cloud-init``. Without them the image will not
+boot. Blueprint services are added to, not replacing, the list already in the
+templates, if any.
+
+The service names are systemd service units. You may specify any systemd unit
+file accepted by ``systemctl enable`` eg. ``cockpit.socket``
+
+    [customizations.services]
+    enabled = ["sshd", "cockpit.socket", "httpd"]
+    disabled = ["postfix", "telnetd"]
+
+
 [[repos.git]]
 ~~~~~~~~~~~~~
 

share/composer/alibaba.ks

@@ -6,6 +6,7 @@ firewall --enabled
 # NOTE: The root account is locked by default
 # Network information
 network  --bootproto=dhcp --onboot=on --activate
+# NOTE: keyboard and lang can be replaced by blueprint customizations.locale settings
 # System keyboard
 keyboard --xlayouts=us --vckeymap=us
 # System language
@@ -16,8 +17,6 @@ selinux --enforcing
 logging --level=info
 # Shutdown after installation
 shutdown
-# System timezone
-timezone  US/Eastern
 # System bootloader configuration
 bootloader --location=mbr
 

share/composer/ami.ks

@@ -6,6 +6,7 @@ firewall --enabled
 # NOTE: The root account is locked by default
 # Network information
 network  --bootproto=dhcp --onboot=on --activate
+# NOTE: keyboard and lang can be replaced by blueprint customizations.locale settings
 # System keyboard
 keyboard --xlayouts=us --vckeymap=us
 # System language
@@ -16,8 +17,6 @@ selinux --enforcing
 logging --level=info
 # Shutdown after installation
 shutdown
-# System timezone
-timezone  US/Eastern
 # System bootloader configuration
 bootloader --location=mbr --append="no_timer_check console=ttyS0,115200n8 console=tty1 net.ifnames=0"
 # Add platform specific partitions

share/composer/ext4-filesystem.ks

@@ -6,6 +6,7 @@ firewall --enabled
 # NOTE: The root account is locked by default
 # Network information
 network  --bootproto=dhcp --onboot=on --activate
+# NOTE: keyboard and lang can be replaced by blueprint customizations.locale settings
 # System keyboard
 keyboard --xlayouts=us --vckeymap=us
 # System language
@@ -16,8 +17,6 @@ selinux --enforcing
 logging --level=info
 # Shutdown after installation
 shutdown
-# System timezone
-timezone  US/Eastern
 # System bootloader configuration (unpartitioned fs image doesn't use a bootloader)
 bootloader --location=none
 

share/composer/google.ks

@@ -6,6 +6,7 @@ firewall --disabled
 # NOTE: The root account is locked by default
 # Network information
 network  --bootproto=dhcp --onboot=on --mtu=1460 --noipv6 --activate
+# NOTE: keyboard and lang can be replaced by blueprint customizations.locale settings
 # System keyboard
 keyboard --xlayouts=us --vckeymap=us
 # System language

share/composer/hyper-v.ks

@@ -6,6 +6,7 @@ firewall --enabled
 # NOTE: The root account is locked by default
 # Network information
 network  --bootproto=dhcp --onboot=on --activate
+# NOTE: keyboard and lang can be replaced by blueprint customizations.locale settings
 # System keyboard
 keyboard --xlayouts=us --vckeymap=us
 # System language
@@ -16,8 +17,6 @@ selinux --enforcing
 logging --level=info
 # Shutdown after installation
 shutdown
-# System timezone
-timezone  US/Eastern
 # System bootloader configuration
 bootloader --location=mbr --append="no_timer_check console=ttyS0,115200n8 earlyprintk=ttyS0,115200 rootdelay=300 net.ifnames=0"
 # Add platform specific partitions

share/composer/live-iso.ks

@@ -9,6 +9,7 @@ xconfig  --startxonboot
 rootpw --plaintext removethispw
 # Network information
 network  --bootproto=dhcp --device=link --activate
+# NOTE: keyboard and lang can be replaced by blueprint customizations.locale settings
 # System keyboard
 keyboard --xlayouts=us --vckeymap=us
 # System language
@@ -21,8 +22,6 @@ logging --level=info
 shutdown
 # System services
 services --disabled="network,sshd" --enabled="NetworkManager"
-# System timezone
-timezone  US/Eastern
 # System bootloader configuration
 bootloader --location=none
 

share/composer/openstack.ks

@@ -6,6 +6,7 @@ firewall --disabled
 # NOTE: The root account is locked by default
 # Network information
 network  --bootproto=dhcp --onboot=on --activate
+# NOTE: keyboard and lang can be replaced by blueprint customizations.locale settings
 # System keyboard
 keyboard --xlayouts=us --vckeymap=us
 # System language
@@ -16,8 +17,6 @@ selinux --enforcing
 logging --level=info
 # Shutdown after installation
 shutdown
-# System timezone
-timezone  US/Eastern
 # System bootloader configuration
 bootloader --location=mbr --append="no_timer_check console=ttyS0,115200n8 console=tty1 net.ifnames=0"
 # Add platform specific partitions

share/composer/partitioned-disk.ks

@@ -6,6 +6,7 @@ firewall --enabled
 # NOTE: The root account is locked by default
 # Network information
 network  --bootproto=dhcp --onboot=on --activate
+# NOTE: keyboard and lang can be replaced by blueprint customizations.locale settings
 # System keyboard
 keyboard --xlayouts=us --vckeymap=us
 # System language
@@ -16,8 +17,6 @@ selinux --enforcing
 logging --level=info
 # Shutdown after installation
 shutdown
-# System timezone
-timezone  US/Eastern
 # System bootloader configuration
 bootloader --location=mbr
 # Add platform specific partitions

share/composer/qcow2.ks

@@ -6,6 +6,7 @@ firewall --enabled
 # NOTE: The root account is locked by default
 # Network information
 network  --bootproto=dhcp --onboot=on --activate
+# NOTE: keyboard and lang can be replaced by blueprint customizations.locale settings
 # System keyboard
 keyboard --xlayouts=us --vckeymap=us
 # System language
@@ -16,8 +17,6 @@ selinux --enforcing
 logging --level=info
 # Shutdown after installation
 shutdown
-# System timezone
-timezone  US/Eastern
 # System bootloader configuration
 bootloader --location=mbr
 # Add platform specific partitions

share/composer/tar.ks

@@ -6,6 +6,7 @@ firewall --enabled
 # NOTE: The root account is locked by default
 # Network information
 network  --bootproto=dhcp --onboot=on --activate
+# NOTE: keyboard and lang can be replaced by blueprint customizations.locale settings
 # System keyboard
 keyboard --xlayouts=us --vckeymap=us
 # System language
@@ -16,8 +17,6 @@ selinux --enforcing
 logging --level=info
 # Shutdown after installation
 shutdown
-# System timezone
-timezone  US/Eastern
 # System bootloader configuration (tar doesn't need a bootloader)
 bootloader --location=none
 

share/composer/vhd.ks

@@ -6,6 +6,7 @@ firewall --enabled
 # NOTE: The root account is locked by default
 # Network information
 network  --bootproto=dhcp --onboot=on --activate
+# NOTE: keyboard and lang can be replaced by blueprint customizations.locale settings
 # System keyboard
 keyboard --xlayouts=us --vckeymap=us
 # System language
@@ -16,8 +17,6 @@ selinux --enforcing
 logging --level=info
 # Shutdown after installation
 shutdown
-# System timezone
-timezone  US/Eastern
 # System bootloader configuration
 bootloader --location=mbr --append="no_timer_check console=ttyS0,115200n8 earlyprintk=ttyS0,115200 rootdelay=300 net.ifnames=0"
 # Add platform specific partitions

share/composer/vmdk.ks

@@ -6,6 +6,7 @@ firewall --enabled
 # NOTE: The root account is locked by default
 # Network information
 network  --bootproto=dhcp --onboot=on --activate
+# NOTE: keyboard and lang can be replaced by blueprint customizations.locale settings
 # System keyboard
 keyboard --xlayouts=us --vckeymap=us
 # System language
@@ -16,8 +17,6 @@ selinux --enforcing
 logging --level=info
 # Shutdown after installation
 shutdown
-# System timezone
-timezone  US/Eastern
 # System bootloader configuration
 bootloader --location=mbr
 # Add platform specific partitions