# Announce the start of the post-install steps.
printf '%s\n' "Starting Kickstart Post"
# Pin the command search path to the system directories, so the bare command
# names used later in this script resolve only there.
PATH="/sbin:/usr/sbin:/bin:/usr/bin"
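# Import SELinux Modules
echo "Enabling selinux modules"
# Space-separated names of the policy modules to load. The list is expanded
# unquoted by the import loop so that it splits into one word per module.
SEMODULES="base automount avahi consolekit cyrus dhcp dnsmasq guest hal ipsec \
iscsi kerberos kerneloops ldap lockdev logadm mozilla ntp ovirt-node-selinux \
polkit portmap qemu rpcbind sasl snmp stunnel sysstat tcpd unprivuser \
unconfined usbmodules userhelper virt"

# Ask lokkit to select the "minimum" SELinux policy type; the module packages
# imported afterwards are taken from /usr/share/selinux/minimum. A failure is
# reported rather than ignored, because the import would then run against a
# policy type that was never selected.
if ! lokkit -v --selinuxtype=minimum; then
  echo "WARNING: lokkit could not select the minimum SELinux policy type" >&2
fi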
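# Stage every listed policy module in $tmpdir as a plain .pp package,
# decompressing the ones that ship as .pp.bz2.
# NOTE(review): tmpdir is not assigned in the lines shown here; confirm it is
# created with mktemp -d, so the modules are loaded from a private directory.
for semodule in $SEMODULES; do # unquoted on purpose: one word per module name
  if [ -f "/usr/share/selinux/minimum/${semodule}.pp.bz2" ]; then
    mv "/usr/share/selinux/minimum/${semodule}.pp.bz2" "$tmpdir"
    bunzip2 "$tmpdir/${semodule}.pp.bz2"
  elif [ -f "/usr/share/selinux/minimum/${semodule}.pp" ]; then
    mv "/usr/share/selinux/minimum/${semodule}.pp" "$tmpdir"
  fi
done

# Install the staged modules through semodule, with base.pp given through -b.
# base.pp and enableaudit.pp are excluded by exact file name rather than by an
# unanchored pattern applied to the whole path, and the names travel
# NUL-separated so each path reaches xargs intact.
find "$tmpdir" -maxdepth 1 -name '*.pp' \
  ! -name base.pp ! -name enableaudit.pp -print0 \
  | sort -z \
  | xargs -0 semodule -v -b "$tmpdir/base.pp" -i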
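# Invoke ovirt-install-node with the "stateless" argument. The progress
# message names the program that is actually run on the next line.
echo "Running ovirt-install-node stateless"
/usr/sbin/ovirt-install-node stateless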
printf '%s\n' "Creating shadow files"
# authconfig is not installed, so nothing has set up shadow and gshadow
# properly; that is done by hand here.
printf '%s\n' "Forcing C locale"
# Logins (ssh and the like) must use the C locale because the other locales
# are removed. Both lines are appended to /etc/profile literally; nothing in
# them is expanded by this script.
printf '%s\n' \
  "# oVirt: force our locale to C since we don't have locale stuff'" \
  'export LC_ALL=C LANG=C' >> /etc/profile
printf '%s\n' "Configuring IPTables"
# Open the firewall for the services this node offers; the rules are written
# to /etc/sysconfig/iptables below.
# NOTE(review): none of the ACCEPT rules below carries a source match, so TCP
# 16509, 22, 5900:6000 and 49152:49216 are reachable from any address that can
# route to the node. 16509 looks like libvirtd's plain-TCP listener; confirm
# it requires authentication, and consider limiting these ports to the
# management network with -s.
48 cat > /etc/sysconfig/iptables << \EOF
49 # oVirt automatically generated firewall configuration
54 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
55 -A INPUT -p icmp -j ACCEPT
56 -A INPUT -i lo -j ACCEPT
58 -A INPUT -p tcp --dport 16509 -j ACCEPT
60 -A INPUT -p tcp --dport 22 -j ACCEPT
62 -A INPUT -p tcp -m multiport --dports 5900:6000 -j ACCEPT
64 -A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
65 -A INPUT -j REJECT --reject-with icmp-host-prohibited
66 -A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited