Added l1chost.in.
authorZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Thu, 13 Mar 2025 19:07:55 +0000 (20:07 +0100)
committerZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Thu, 13 Mar 2025 19:07:55 +0000 (20:07 +0100)
15 files changed:
sources/l1chost.in/01_setupnetworking.sh [new file with mode: 0755]
sources/l1chost.in/02_addremovepackages.sh [new file with mode: 0755]
sources/l1chost.in/99_configuresystem.sh [new file with mode: 0755]
sources/l1chost.in/etc/chrony.conf.add [new file with mode: 0644]
sources/l1chost.in/etc/crontab.append [new file with mode: 0644]
sources/l1chost.in/etc/dnf/dnf.conf.append [new file with mode: 0644]
sources/l1chost.in/etc/lxc/lxc.conf [new file with mode: 0644]
sources/l1chost.in/etc/multipath.conf.append [new file with mode: 0644]
sources/l1chost.in/etc/subgid.append [new file with mode: 0644]
sources/l1chost.in/etc/subuid.append [new file with mode: 0644]
sources/l1chost.in/etc/sysconfig/lxc-net.set [new file with mode: 0644]
sources/l1chost.in/etc/sysctl.d/01-lxc.conf [new file with mode: 0644]
sources/l1chost.in/install-and-configure.txt [new file with mode: 0644]
sources/l1chost.in/kickstart.prm [new file with mode: 0644]
sources/l1chost.in/ks.cfg [new file with mode: 0644]

diff --git a/sources/l1chost.in/01_setupnetworking.sh b/sources/l1chost.in/01_setupnetworking.sh
new file mode 100755 (executable)
index 0000000..114bb8b
--- /dev/null
@@ -0,0 +1,200 @@
+#!/bin/sh
+
+
+# network interfaces are:
+#   enc1:  used for internal host bond
+#   enc6:  used for internal host bond
+#   enc9:  used for internal container bond
+#   encc:  used for internal container bond
+#   encf:  used for external container bond
+#   enc12: used for external container bond
+
+
+INTERNAL_HOST_BOND_NAME=bondhi
+INTERNAL_HOST_BOND_DEVICE=${INTERNAL_HOST_BOND_NAME}-dev
+INTERNAL_HOST_BOND_SLAVE_1_NAME=${INTERNAL_HOST_BOND_NAME}-slave-1
+INTERNAL_HOST_BOND_SLAVE_1_DEVICE=enc1
+INTERNAL_HOST_BOND_SLAVE_2_NAME=${INTERNAL_HOST_BOND_NAME}-slave-2
+INTERNAL_HOST_BOND_SLAVE_2_DEVICE=enc6
+
+INTERNAL_CONTAINER_BRIDGE_NAME=brci
+INTERNAL_CONTAINER_BRIDGE_DEVICE=${INTERNAL_CONTAINER_BRIDGE_NAME}-dev
+
+INTERNAL_CONTAINER_BOND_NAME=bondci
+INTERNAL_CONTAINER_BOND_DEVICE=${INTERNAL_CONTAINER_BOND_NAME}-dev
+INTERNAL_CONTAINER_BOND_SLAVE_1_NAME=${INTERNAL_CONTAINER_BOND_NAME}-slave-1
+INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE=enc9
+INTERNAL_CONTAINER_BOND_SLAVE_2_NAME=${INTERNAL_CONTAINER_BOND_NAME}-slave-2
+INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE=encc
+
+HOST_ONLY_CONTAINER_BRIDGE_NAME=brch
+HOST_ONLY_CONTAINER_BRIDGE_DEVICE=${HOST_ONLY_CONTAINER_BRIDGE_NAME}-dev
+
+EXTERNAL_CONTAINER_BRIDGE_NAME=brce
+EXTERNAL_CONTAINER_BRIDGE_DEVICE=${EXTERNAL_CONTAINER_BRIDGE_NAME}-dev
+
+EXTERNAL_CONTAINER_BOND_NAME=bondce
+EXTERNAL_CONTAINER_BOND_DEVICE=${EXTERNAL_CONTAINER_BOND_NAME}-dev
+EXTERNAL_CONTAINER_BOND_SLAVE_1_NAME=${EXTERNAL_CONTAINER_BOND_NAME}-slave-1
+EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE=encf
+EXTERNAL_CONTAINER_BOND_SLAVE_2_NAME=${EXTERNAL_CONTAINER_BOND_NAME}-slave-2
+EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE=enc12
+
+
+ip link set $INTERNAL_HOST_BOND_SLAVE_1_DEVICE mtu 1500
+ip link set $INTERNAL_HOST_BOND_SLAVE_2_DEVICE mtu 1500
+ip link set $INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE mtu 1500
+ip link set $INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE mtu 1500
+ip link set $EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE mtu 1500
+ip link set $EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE mtu 1500
+
+chzdev 0.0.0009 bridge_role=primary
+chzdev 0.0.000c bridge_role=primary
+chzdev 0.0.000f bridge_role=primary
+chzdev 0.0.0012 bridge_role=primary
+
+nmcli --terse connection show \
+    | grep --invert-match ':lo$' \
+    | while read CONNECTION_LINE
+do
+    CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
+    nmcli connection delete uuid "$CONNECTION_UUID"
+done
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id $INTERNAL_HOST_BOND_NAME \
+    connection.interface-name $INTERNAL_HOST_BOND_DEVICE \
+    connection.type bond \
+    802-3-ethernet.mtu 1500 \
+    bond.options "mode=active-backup,miimon=100" \
+    ipv4.addresses "10.228.121.190/16" \
+    ipv4.dns "10.228.109.159, 10.228.92.159" \
+    ipv4.dns-search "in.useribm.hu" \
+    ipv4.gateway "10.228.109.254" \
+    ipv4.method "manual" \
+    ipv4.route-metric "100" \
+    ipv6.addresses "2001:1aa1:000a:7dae:82c4:6bff:fe00:c3d8/64" \
+    ipv6.dns "2001:1aa1:000a:7dae:000c:18ff:fe03:5c9f, 2001:1aa1:000a:7dae:000c:18ff:fe03:6d9f" \
+    ipv6.dns-search "in.useribm.hu" \
+    ipv6.gateway "2001:1aa1:000a:7dae:000c:18ff:fe03:6dfe" \
+    ipv6.method "manual" \
+    ipv6.route-metric "100" \
+    save yes
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id $INTERNAL_HOST_BOND_SLAVE_1_NAME \
+    connection.interface-name $INTERNAL_HOST_BOND_SLAVE_1_DEVICE \
+    connection.master $INTERNAL_HOST_BOND_DEVICE \
+    connection.slave-type bond \
+    connection.type 802-3-ethernet \
+    802-3-ethernet.mtu 1500 \
+    save yes
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id $INTERNAL_HOST_BOND_SLAVE_2_NAME \
+    connection.interface-name $INTERNAL_HOST_BOND_SLAVE_2_DEVICE \
+    connection.master $INTERNAL_HOST_BOND_DEVICE \
+    connection.slave-type bond \
+    connection.type 802-3-ethernet \
+    802-3-ethernet.mtu 1500 \
+    save yes
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id $INTERNAL_CONTAINER_BRIDGE_NAME \
+    connection.interface-name $INTERNAL_CONTAINER_BRIDGE_DEVICE \
+    connection.type bridge \
+    802-3-ethernet.mtu 1500 \
+    ipv4.method "disabled" \
+    ipv6.method "disabled" \
+    bridge.stp no \
+    save yes
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id $INTERNAL_CONTAINER_BOND_NAME \
+    connection.interface-name $INTERNAL_CONTAINER_BOND_DEVICE \
+    connection.type bond \
+    connection.master $INTERNAL_CONTAINER_BRIDGE_DEVICE \
+    connection.slave-type bridge \
+    802-3-ethernet.mtu 1500 \
+    bond.options "mode=active-backup,miimon=100" \
+    save yes
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id $INTERNAL_CONTAINER_BOND_SLAVE_1_NAME \
+    connection.interface-name $INTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE \
+    connection.master $INTERNAL_CONTAINER_BOND_DEVICE \
+    connection.slave-type bond \
+    connection.type 802-3-ethernet \
+    802-3-ethernet.mtu 1500 \
+    save yes
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id $INTERNAL_CONTAINER_BOND_SLAVE_2_NAME \
+    connection.interface-name $INTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE \
+    connection.master $INTERNAL_CONTAINER_BOND_DEVICE \
+    connection.slave-type bond \
+    connection.type 802-3-ethernet \
+    802-3-ethernet.mtu 1500 \
+    save yes
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id $HOST_ONLY_CONTAINER_BRIDGE_NAME \
+    connection.interface-name $HOST_ONLY_CONTAINER_BRIDGE_DEVICE \
+    connection.type bridge \
+    802-3-ethernet.mtu 9000 \
+    ipv4.method "disabled" \
+    ipv6.method "disabled" \
+    bridge.stp no \
+    save yes
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id $EXTERNAL_CONTAINER_BRIDGE_NAME \
+    connection.interface-name $EXTERNAL_CONTAINER_BRIDGE_DEVICE \
+    connection.type bridge \
+    802-3-ethernet.mtu 1500 \
+    ipv4.method "disabled" \
+    ipv6.method "disabled" \
+    bridge.stp no \
+    save yes
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id $EXTERNAL_CONTAINER_BOND_NAME \
+    connection.interface-name $EXTERNAL_CONTAINER_BOND_DEVICE \
+    connection.type bond \
+    connection.master $EXTERNAL_CONTAINER_BRIDGE_DEVICE \
+    connection.slave-type bridge \
+    802-3-ethernet.mtu 1500 \
+    bond.options "mode=active-backup,miimon=100" \
+    save yes
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id $EXTERNAL_CONTAINER_BOND_SLAVE_1_NAME \
+    connection.interface-name $EXTERNAL_CONTAINER_BOND_SLAVE_1_DEVICE \
+    connection.master $EXTERNAL_CONTAINER_BOND_DEVICE \
+    connection.slave-type bond \
+    connection.type 802-3-ethernet \
+    802-3-ethernet.mtu 1500 \
+    save yes
+
+nmcli connection add \
+    connection.autoconnect yes \
+    connection.id $EXTERNAL_CONTAINER_BOND_SLAVE_2_NAME \
+    connection.interface-name $EXTERNAL_CONTAINER_BOND_SLAVE_2_DEVICE \
+    connection.master $EXTERNAL_CONTAINER_BOND_DEVICE \
+    connection.slave-type bond \
+    connection.type 802-3-ethernet \
+    802-3-ethernet.mtu 1500 \
+    save yes
+
+nmcli connection show
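Review bot: The loop `nmcli --terse connection show | grep --invert-match ':lo$' | while read CONNECTION_LINE` deletes every profile except `lo` before any replacement exists, and nothing in the script checks an exit status, so one failing `nmcli connection add` leaves the host without a usable connection while the script carries on. At minimum add `set -eu` after the shebang and a header comment such as `# Run from the console: all existing connections are deleted before the new ones are created.` The UUID extraction is also fragile: in terse mode a colon inside a connection name is escaped rather than removed, so `cut -f 2 -d ':'` can return part of the name. Requesting only the needed columns with `nmcli --terse --fields UUID,DEVICE connection show`, reading with `read -r` and taking `cut -f 1 -d ':'` avoids that.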
diff --git a/sources/l1chost.in/02_addremovepackages.sh b/sources/l1chost.in/02_addremovepackages.sh
new file mode 100755 (executable)
index 0000000..36b1bc9
--- /dev/null
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+
+dnf remove \
+    bluez \
+    c-ares \
+    dhcp-client \
+    duktape \
+    f2fs-tools \
+    firewalld \
+    *firmware \
+    *fonts \
+    fuse3-libs \
+    fwupd \
+    gawk-all-langpacks \
+    hunspell* \
+    inih \
+    jq \
+    libsemanage \
+    linux-firmware \
+    memstrack \
+    ModemManager-glib \
+    mpdecimal \
+    nano \
+    nilfs-utils \
+    ntfs-3g \
+    ntfs-3g-libs \
+    pcsc-lite* \
+    perl* \
+    pigz \
+    python3* \
+    qrencode-libs \
+    sssd-* \
+    tpm2-* \
+    udftools \
+    xkeyboard-config \
+    zram-generator*
+
+dnf install \
+    --setopt=install_weak_deps=False \
+    atop \
+    bonnie++ \
+    btrfs-progs \
+    cronie \
+    crontabs \
+    git \
+    libvirt \
+    logrotate \
+    lsof \
+    lxc \
+    lxc-templates \
+    lxcfs \
+    mailx \
+    man-pages \
+    openssl \
+    pciutils \
+    postfix \
+    python-unversioned-command \
+    qemu-kvm \
+    rsync-daemon \
+    rsyslog \
+    rsyslog-relp \
+    s390utils \
+    screen \
+    speedtest-cli \
+    sysstat \
+    tar \
+    unzip \
+    vim-enhanced \
+    virt-manager \
+    wget2 \
+    zip
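Review bot: `firewalld` is removed in the `dnf remove` list and nothing in the `dnf install` list replaces it, while that same list adds network-facing services (`rsync-daemon`, `postfix`, `libvirt`). Unless filtering is done upstream of this host, I would add a packet filter such as `nftables` to the install list and ship a ruleset with the other files under `etc/`. Separately, `*firmware`, `*fonts`, `hunspell*`, `pcsc-lite*`, `perl*`, `python3*`, `sssd-*`, `tpm2-*` and `zram-generator*` are unquoted, so the shell expands them against the current directory first and dnf sees the pattern only when nothing matches. Quoting each one, e.g. `'perl*'`, makes the removal independent of where the script is run.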
diff --git a/sources/l1chost.in/99_configuresystem.sh b/sources/l1chost.in/99_configuresystem.sh
new file mode 100755 (executable)
index 0000000..39c60c8
--- /dev/null
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+
+SCRIPT_PATH=$(dirname $(realpath $0))
+#BASE_PATH=$(dirname $SCRIPT_PATH)
+
+find $SCRIPT_PATH/etc -type f | sort | while read FILE
+do
+    FILE_TYPE=$(echo $FILE | sed 's/^.*\.\([^\.]*\)$/\1/')
+    TARGET_FILE=$(echo $FILE | sed "s|^${SCRIPT_PATH}||")
+    #echo $FILE $FILE_TYPE $TARGET_FILE
+    case $FILE_TYPE in
+        "add")
+            TARGET_FILE=$(echo $TARGET_FILE | sed 's/\.add$//')
+            while read -r LINE
+            do
+                MATCHES=$(grep --count "^${LINE}$" $TARGET_FILE)
+                if [ $MATCHES -eq 0 ]
+                then
+                    echo "Add \"$LINE\" to $TARGET_FILE"
+                fi
+            done <$FILE
+            ;;
+        "append")
+            TARGET_FILE=$(echo $TARGET_FILE | sed 's/\.append$//')
+            FILE_CS=$(cat $FILE | md5sum)
+            FILE_LINES=$(cat $FILE | wc -l)
+            TARGET_FILE_CS=$(tail -n $FILE_LINES $TARGET_FILE | md5sum)
+            if [ "$FILE_CS" != "$TARGET_FILE_CS" ]
+            then
+                echo "cat $FILE >>$TARGET_FILE"
+            fi
+            ;;
+        "set")
+            TARGET_FILE=$(echo $TARGET_FILE | sed 's/\.set$//')
+            while read -r LINE
+            do
+                MATCHES=$(grep --count "^${LINE}$" $TARGET_FILE)
+                if [ $MATCHES -eq 0 ]
+                then
+                    echo "Set \"$LINE\" in $TARGET_FILE"
+                fi
+            done <$FILE
+            ;;
+        *)
+            if [ -f $TARGET_FILE ]
+            then
+                FILE_CS=$(cat $FILE | md5sum)
+                TARGET_FILE_CS=$(cat $TARGET_FILE | md5sum)
+                if [ "$FILE_CS" != "$TARGET_FILE_CS" ]
+                then
+                    echo "cat $FILE >$TARGET_FILE"
+                fi
+            else
+                echo "cat $FILE >$TARGET_FILE"
+            fi
+    esac
+done
+
+if [ ! -d /lxc ]
+then
+    echo
+    echo "mkdir /lxc"
+fi
+echo
+echo 'localectl set-locale LANG=en_US.UTF-8 LC_TIME=C.UTF-8 LC_PAPER=C.UTF-8'
+echo
+echo 'git config set --global user.name "Zoltán Felleg"'
+echo 'git config set --global user.email "zoltan.felleg@userrendszerhaz.hu"'
+echo 'git config set --global core.editor "vim"'
+echo
+echo "systemctl enable lxc"
+echo "systemctl enable lxc-net"
+echo "systemctl enable lxcfs"
+#echo "systemctl enable postfix"
+echo
+echo "dnf --refresh update"
+echo "reboot"
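Review bot: `grep --count "^${LINE}$" $TARGET_FILE` in the `add` and `set` branches treats each line of the source file as a regular expression, and when the target file does not exist `MATCHES` is empty, so `[ $MATCHES -eq 0 ]` fails with a test error and the missing setting is never reported. A fixed-string whole-line match with quoted operands fixes both: `MATCHES=$(grep --count --fixed-strings --line-regexp -- "$LINE" "$TARGET_FILE" 2>/dev/null)` followed by `[ "${MATCHES:-0}" -eq 0 ]`. The echoed commands are presumably pasted into a root shell, so `$FILE` and `$TARGET_FILE` should be quoted inside the printed text as well, and `$SCRIPT_PATH`, `$FILE` and `$0` quoted where the script itself uses them. Where md5sum is only used to compare two files, `cmp -s` would say the same thing more directly.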
diff --git a/sources/l1chost.in/etc/chrony.conf.add b/sources/l1chost.in/etc/chrony.conf.add
new file mode 100644 (file)
index 0000000..545a163
--- /dev/null
@@ -0,0 +1 @@
+allow all
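Review bot: `allow all` lets chronyd answer NTP requests from any source address, and this host is built with `firewall --disabled` in ks.cfg and `firewalld` removed in 02_addremovepackages.sh, so nothing else limits who can query it. Restricting the directive to the networks configured on the host bond in 01_setupnetworking.sh, `allow 10.228.0.0/16` and `allow 2001:1aa1:a:7dae::/64`, keeps the time service available to internal clients without exposing it further.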
diff --git a/sources/l1chost.in/etc/crontab.append b/sources/l1chost.in/etc/crontab.append
new file mode 100644 (file)
index 0000000..fc64615
--- /dev/null
@@ -0,0 +1,2 @@
+MAILTO=
+0 */8 * * * root [ -x /lxc/scripts/rsyncbackup.sh ] && /lxc/scripts/cron.rsyncbackup.sh
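Review bot: The guard tests `/lxc/scripts/rsyncbackup.sh` but the command that runs is `/lxc/scripts/cron.rsyncbackup.sh`, so the check does not cover the file that is actually executed as root. If that is not intentional, test the same path: `[ -x /lxc/scripts/cron.rsyncbackup.sh ] && /lxc/scripts/cron.rsyncbackup.sh`. With `MAILTO=` empty, cron discards the job's output, so a failing backup goes unnoticed unless the script writes its own log. Since the job runs as root every eight hours, `/lxc/scripts` and the script should be writable by root only.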
diff --git a/sources/l1chost.in/etc/dnf/dnf.conf.append b/sources/l1chost.in/etc/dnf/dnf.conf.append
new file mode 100644 (file)
index 0000000..fd63a07
--- /dev/null
@@ -0,0 +1,3 @@
+install_weak_deps=False
+max_parallel_downloads=10
+skip_if_unavailable=True
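Review bot: `skip_if_unavailable=True` makes dnf carry on when a repository cannot be reached, so the `dnf --refresh update` printed by 99_configuresystem.sh can finish successfully without having consulted the updates repository, and the host silently misses security fixes. I would keep `skip_if_unavailable=False` in the main section and enable skipping only on repositories that are genuinely optional.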
diff --git a/sources/l1chost.in/etc/lxc/lxc.conf b/sources/l1chost.in/etc/lxc/lxc.conf
new file mode 100644 (file)
index 0000000..48f7ddf
--- /dev/null
@@ -0,0 +1 @@
+lxc.lxcpath = /lxc/containers
diff --git a/sources/l1chost.in/etc/multipath.conf.append b/sources/l1chost.in/etc/multipath.conf.append
new file mode 100644 (file)
index 0000000..7cbd90f
--- /dev/null
@@ -0,0 +1,11 @@
+
+multipaths {
+       multipath {
+               wwid    360050763808103088c000000000002cf
+               alias   pv-root
+       }
+       multipath {
+               wwid    360050763808103088c000000000002d0
+               alias   pv-lxc
+       }
+}
diff --git a/sources/l1chost.in/etc/subgid.append b/sources/l1chost.in/etc/subgid.append
new file mode 100644 (file)
index 0000000..cc89f03
--- /dev/null
@@ -0,0 +1 @@
+root:100000:100000
diff --git a/sources/l1chost.in/etc/subuid.append b/sources/l1chost.in/etc/subuid.append
new file mode 100644 (file)
index 0000000..cc89f03
--- /dev/null
@@ -0,0 +1 @@
+root:100000:100000
diff --git a/sources/l1chost.in/etc/sysconfig/lxc-net.set b/sources/l1chost.in/etc/sysconfig/lxc-net.set
new file mode 100644 (file)
index 0000000..3e6807b
--- /dev/null
@@ -0,0 +1 @@
+USE_LXC_BRIDGE="false"
diff --git a/sources/l1chost.in/etc/sysctl.d/01-lxc.conf b/sources/l1chost.in/etc/sysctl.d/01-lxc.conf
new file mode 100644 (file)
index 0000000..db6aa47
--- /dev/null
@@ -0,0 +1 @@
+fs.inotify.max_user_instances = 1024
diff --git a/sources/l1chost.in/install-and-configure.txt b/sources/l1chost.in/install-and-configure.txt
new file mode 100644 (file)
index 0000000..f442c95
--- /dev/null
@@ -0,0 +1,28 @@
+================
+=== INSTALL  ===
+================
+1. download Fedora-Everything-netinst-s390x.iso
+2. mount it (mount Fedora-Everything-netinst-s390x.iso <mount point> -o loop,ro)
+3. copy its contents to a directory (cp -a <mount point> <directory>)
+4. copy generic.ins to kickstart.ins
+5. replace generic.prm with kickstart.prm in kickstart.ins
+6. copy kickstart.prm to images
+7. create a kickstart iso image (genisoimage -J -r -o <iso image> <directory>)
+8. set boot parameters for the partition
+8.1 set "Partition Details -> Boot -> Boot from:" to ISO Image
+8.2 set "Partition Details -> Boot -> ISO Image file:" to <iso image>
+8.3 set "Partition Details -> Boot -> .INS file:" to /kickstart.ins
+
+on the http server:
+1. create the os and update repositories
+2. create the ks.cfg file/script
+
+=================
+=== CONFIGURE ===
+=================
+1. find / -print0 | xargs -0 setfattr -h -x security.selinux
+2. run 02_addremovepackages.sh
+3. git clone https://git.useribm.hu/user-ssh.git
+4. setup ssh (see user-ssh/doc.txt)
+5. userdel -r zfelleg
+6. set root password
diff --git a/sources/l1chost.in/kickstart.prm b/sources/l1chost.in/kickstart.prm
new file mode 100644 (file)
index 0000000..b5a23ff
--- /dev/null
@@ -0,0 +1,7 @@
+ro ramdisk_size=40000 cio_ignore=all,!condev
+ip=enc1:dhcp
+inst.repo=http://store.in.useribm.hu/linux/fedora/releases/41/Everything/s390x/os
+inst.ks=http://store.in.useribm.hu/linux/fedora/ks.cfg
+inst.ks.sendmac
+kinst.ks.sendsn
+inst.selinux=0
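Review bot: `inst.ks=http://store.in.useribm.hu/linux/fedora/ks.cfg` and the `inst.repo=http://...` line fetch the kickstart file and the installer tree over unauthenticated HTTP. Anything on the path between the partition and the store can therefore alter the install instructions or read the password material in ks.cfg; serving both over `https://` would close that. `kinst.ks.sendsn` looks like a typo for `inst.ks.sendsn` and is presumably ignored as written. `inst.selinux=0`, together with `selinux --disabled` in ks.cfg, leaves the container host without mandatory access control, which deserves a line in install-and-configure.txt explaining why.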
diff --git a/sources/l1chost.in/ks.cfg b/sources/l1chost.in/ks.cfg
new file mode 100644 (file)
index 0000000..53f84c9
--- /dev/null
@@ -0,0 +1,67 @@
+# Reboot after installation
+reboot
+
+# Keyboard layouts
+keyboard --vckeymap=us --xlayouts='us'
+# System language
+lang en_US.UTF-8
+
+# Network information
+network --activate --bootproto=static --device=enc1 --ip=10.228.121.190 --netmask=255.255.0.0 --gateway=10.228.109.254 --hostname=l1chost.in.useribm.hu --nameserver=10.228.92.159 --nameserver=10.228.109.159
+
+# Use network installation
+url --url="http://store.in.useribm.hu/linux/fedora/releases/$releasever/Everything/$basearch/os"
+repo --name="local-updates" --baseurl=http://store.in.useribm.hu/linux/fedora/updates/$releasever/Everything/$basearch
+
+%packages
+@core --nodefaults
+%end
+
+# Logging
+logging --host=log.in.useribm.hu
+
+# Use text mode install
+text
+
+# Firewall configuration
+firewall --disabled
+
+# SELinux configuration
+selinux --disabled
+
+firstboot --disable
+# Do not configure the X Window System
+skipx
+
+# Use boot disk only
+#ignoredisk --only-use=disk/by-id/scsi-360050763808103088c000000000002cf
+# Ignore data disk
+ignoredisk --drives=disk/by-id/scsi-360050763808103088c000000000002d0
+
+# Clear the Master Boot Record
+zerombr
+# Clear all Partitions
+clearpart --all --initlabel
+#clearpart --all
+
+#autopart --type=lvm
+partition /boot --size=1024 --asprimary --fstype=ext4 --label=boot
+partition pv.01 --size=16384 --grow --asprimary --label=rootvg
+
+volgroup rootvg pv.01
+
+logvol / --vgname=rootvg --name=root --fstype=ext4 --label=root --size=1024
+logvol /usr --vgname=rootvg --name=usr --fstype=ext4 --label=usr --size=4096
+logvol /var --vgname=rootvg --name=var --fstype=ext4 --label=var --size=16384
+logvol swap --vgname=rootvg --name=swap --fstype=swap --label=swap --size=16384
+
+# System bootloader configuration
+bootloader --append="rhgb quiet crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M"
+
+# System timezone
+timezone Europe/Budapest --utc
+
+# Root password
+rootpw --iscrypted $2b$10$ksJ/oZo1tKXo8MZiNmrvsecrk4oObAM0NDpAoVgcHTpe57qJ5l2RK
+
+user --name=zfelleg --groups=wheel --password=pwd --plaintext
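Review bot: `user --name=zfelleg --groups=wheel --password=pwd --plaintext` creates an administrator account with a trivial password that is stored in the repository in clear text. The host also comes up with `firewall --disabled` and `selinux --disabled`, so the account is presumably reachable over the network until step 5 of install-and-configure.txt removes it. Prefer a locked password plus a key, `user --name=zfelleg --groups=wheel --lock` with `sshkey --username=zfelleg "<PUBLIC_KEY_PLACEHOLDER>"`, or at least `--iscrypted` with a strong hash. The `rootpw --iscrypted` hash is published with this commit and served by the HTTP store as well, so treat that password as exposed and change it; `rootpw --lock` avoids shipping a hash at all.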