From bb036defd60f155d2e59baa6bb8da95385dfdb00 Mon Sep 17 00:00:00 2001 From: jmckenna Date: Fri, 6 Jul 2018 08:24:30 -0400 Subject: [PATCH] Update boot configs to match CentOS 7.5 kernel To improve kubernetes support, update kernel to CentOS 7.5 version and enable user namespaces in kernel bootargs. Depends-On: https://review.openstack.org/580689 Change-Id: I4d8620ea17a19a764c6627cd79eb548c79c56bfd Signed-off-by: Jason McKenna Story: 2002761 Task: 22841 --- bsp-files/centos.syslinux.cfg | 24 ++++++------- bsp-files/grub.cfg | 36 +++++++++---------- .../post_kernel_aio_and_compute.cfg | 4 ++- .../kickstarts/post_kernel_controller.cfg | 4 ++- bsp-files/kickstarts/post_kernel_storage.cfg | 4 ++- bsp-files/pxeboot.cfg | 24 ++++++------- bsp-files/pxeboot_grub.cfg | 24 ++++++------- .../centos/build_srpm.data | 2 +- .../pxe-network-installer/pxeboot-update.sh | 3 ++ 9 files changed, 67 insertions(+), 58 deletions(-) diff --git a/bsp-files/centos.syslinux.cfg b/bsp-files/centos.syslinux.cfg index f6b05695..e51a8535 100644 --- a/bsp-files/centos.syslinux.cfg +++ b/bsp-files/centos.syslinux.cfg @@ -40,7 +40,7 @@ menu begin endtext kernel vmlinuz initrd initrd.img - append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard + append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1 label S0 menu label EXTENDED Security Boot Profile @@ -50,7 +50,7 @@ menu begin endtext kernel vmlinuz initrd initrd.img - append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended + append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1 menu end # Graphical Console submenu @@ -64,7 +64,7 @@ menu begin endtext kernel vmlinuz initrd initrd.img - append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard + append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1 label S1 menu label EXTENDED Security Boot Profile @@ -74,7 +74,7 @@ menu begin endtext kernel vmlinuz initrd initrd.img - append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended + append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1 menu end menu end @@ -94,7 +94,7 @@ menu begin endtext kernel vmlinuz initrd initrd.img - append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard + append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1 label S2 menu label EXTENDED Security Boot Profile @@ -105,7 +105,7 @@ menu begin kernel vmlinuz initrd initrd.img # Security profile option - append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended + append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1 menu end # Graphical Console submenu @@ -119,7 +119,7 @@ menu begin endtext kernel vmlinuz initrd initrd.img - append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard + append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1 label S3 menu label EXTENDED Security Boot Profile @@ -129,7 +129,7 @@ menu begin endtext kernel vmlinuz initrd initrd.img - append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended + append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1 menu end menu end @@ -149,7 +149,7 @@ menu begin endtext kernel vmlinuz initrd initrd.img - append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard + append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1 label S4 menu label EXTENDED Security Boot Profile @@ -159,7 +159,7 @@ menu begin endtext kernel vmlinuz initrd initrd.img - append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended + append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1 menu end # Graphical Console submenu @@ -173,7 +173,7 @@ menu begin endtext kernel vmlinuz initrd initrd.img - append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard + append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1 label S5 menu label EXTENDED Security Boot Profile @@ -183,6 +183,6 @@ menu begin endtext kernel vmlinuz initrd initrd.img - append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended + append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1 menu end menu end diff --git a/bsp-files/grub.cfg b/bsp-files/grub.cfg index f5c9fe4e..cbe85bde 100644 --- a/bsp-files/grub.cfg +++ b/bsp-files/grub.cfg @@ -37,16 +37,16 @@ menuentry ' ' { submenu 'UEFI Standard Controller Configuration' --id=standard { submenu 'Serial Console' --id=serial { menuentry 'STANDARD Security Profile' --id=standard { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1 initrdefi /initrd.img } submenu 'EXTENDED Security Profile' --id=extended { menuentry 'Secure Boot Profile' --id=secureboot { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1 initrdefi /initrd.img } menuentry 'Trusted Boot Profile' --id=tboot { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1 initrdefi /initrd.img } } @@ -54,16 +54,16 @@ submenu 'UEFI Standard Controller Configuration' --id=standard { submenu 'Graphical Console' --id=graphical { menuentry 'STANDARD Security Profile' --id=standard { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1 initrdefi /initrd.img } submenu 'EXTENDED Security Profile' --id=extended { menuentry 'Secure Boot Profile' --id=secureboot { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1 initrdefi /initrd.img } menuentry 'Trusted Boot Profile' --id=tboot { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1 initrdefi /initrd.img } } @@ -79,16 +79,16 @@ menuentry ' '{ submenu 'UEFI All-in-one Controller Configuration' --id=aio { submenu 'Serial Console' --id=serial { menuentry 'STANDARD Security Profile' --id=standard { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1 initrdefi /initrd.img } submenu 'EXTENDED Security Profile' --id=extended { menuentry 'Secure Boot Profile' --id=secureboot { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1 initrdefi /initrd.img } menuentry 'Trusted Boot Profile' --id=tboot { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1 initrdefi /initrd.img } } @@ -96,16 +96,16 @@ submenu 'UEFI All-in-one Controller Configuration' --id=aio { submenu 'Graphical Console' --id=graphical { menuentry 'STANDARD Security Profile' --id=standard { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1 initrdefi /initrd.img } submenu 'EXTENDED Security Profile' --id=extended { menuentry 'Secure Boot Profile' --id=secureboot { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1 initrdefi /initrd.img } menuentry 'Trusted Boot Profile' --id=tboot { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1 initrdefi /initrd.img } } @@ -121,16 +121,16 @@ menuentry ' '{ submenu 'UEFI All-in-one (lowlatency) Controller Configuration' --id=aio-lowlat { submenu 'Serial Console' --id=serial { menuentry 'STANDARD Security Profile' --id=standard { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1 initrdefi /initrd.img } submenu 'EXTENDED Security Profile' --id=extended { menuentry 'Secure Boot Profile' --id=secureboot { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1 initrdefi /initrd.img } menuentry 'Trusted Boot Profile' --id=tboot { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1 initrdefi /initrd.img } } @@ -138,16 +138,16 @@ submenu 'UEFI All-in-one (lowlatency) Controller Configuration' --id=aio-lowlat submenu 'Graphical Console' --id=graphical { menuentry 'STANDARD Security Profile' --id=standard { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1 initrdefi /initrd.img } submenu 'EXTENDED Security Profile' --id=extended { menuentry 'Secure Boot Profile' --id=secureboot { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1 initrdefi /initrd.img } menuentry 'Trusted Boot Profile' --id=tboot { - linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true + linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1 initrdefi /initrd.img } } diff --git a/bsp-files/kickstarts/post_kernel_aio_and_compute.cfg b/bsp-files/kickstarts/post_kernel_aio_and_compute.cfg index 629b8ffe..0c77a842 100644 --- a/bsp-files/kickstarts/post_kernel_aio_and_compute.cfg +++ b/bsp-files/kickstarts/post_kernel_aio_and_compute.cfg @@ -79,7 +79,9 @@ then KERN_OPTS="${KERN_OPTS} kvm-intel.eptad=0" fi -KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" +# k8s updates: +#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" +KERN_OPTS="${KERN_OPTS} user_namespace.enable=1" # Add kernel option to avoid jiffies_lock contention on real-time kernel if [[ "$subfunction" =~ lowlatency ]]; then diff --git a/bsp-files/kickstarts/post_kernel_controller.cfg b/bsp-files/kickstarts/post_kernel_controller.cfg index 684398de..a49f835a 100644 --- a/bsp-files/kickstarts/post_kernel_controller.cfg +++ b/bsp-files/kickstarts/post_kernel_controller.cfg @@ -24,7 +24,9 @@ if [ $? -ne 0 ]; then KERN_OPTS="${KERN_OPTS} biosdevname=0" fi -KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" +# k8s updates +#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" +KERN_OPTS="${KERN_OPTS} user_namespace.enable=1" # If the installer asked us to use security related kernel params, use # them in the grub line as well (until they can be configured via puppet) diff --git a/bsp-files/kickstarts/post_kernel_storage.cfg b/bsp-files/kickstarts/post_kernel_storage.cfg index 894c2e89..53bff1b2 100644 --- a/bsp-files/kickstarts/post_kernel_storage.cfg +++ b/bsp-files/kickstarts/post_kernel_storage.cfg @@ -18,7 +18,9 @@ if [ $? -ne 0 ]; then KERN_OPTS="${KERN_OPTS} biosdevname=0" fi -KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" +# k8s updates: +#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" +KERN_OPTS="${KERN_OPTS} user_namespace.enable=1" # If the installer asked us to use security related kernel params, use # them in the grub line as well (until they can be configured via puppet) diff --git a/bsp-files/pxeboot.cfg b/bsp-files/pxeboot.cfg index bde20cd1..728baebd 100644 --- a/bsp-files/pxeboot.cfg +++ b/bsp-files/pxeboot.cfg @@ -36,7 +36,7 @@ menu begin Standard Security Profile Enabled (default setting) endtext kernel vmlinuz - append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard + append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1 ipappend 2 label S1 @@ -46,7 +46,7 @@ menu begin Extended Security Profile Enabled (will impact performance) endtext kernel vmlinuz - append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended + append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended user_namespace.enable=1 ipappend 2 menu end @@ -60,7 +60,7 @@ menu begin Standard Security Profile Enabled (default setting) endtext kernel vmlinuz - append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard + append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1 ipappend 2 label S2 @@ -70,7 +70,7 @@ menu begin Extended Security Profile Enabled (will impact performance) endtext kernel vmlinuz - append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended + append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended user_namespace.enable=1 ipappend 2 menu end menu end @@ -88,7 +88,7 @@ menu begin Standard Security Profile Enabled (default setting) endtext kernel vmlinuz - append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard + append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1 ipappend 2 label S3 @@ -98,7 +98,7 @@ menu begin Extended Security Profile Enabled (will impact performance) endtext kernel vmlinuz - append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended + append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended user_namespace.enable=1 ipappend 2 menu end @@ -112,7 +112,7 @@ menu begin Standard Security Profile Enabled (default setting) endtext kernel vmlinuz - append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard + append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1 ipappend 2 label S4 @@ -122,7 +122,7 @@ menu begin Extended Security Profile Enabled (will impact performance) endtext kernel vmlinuz - append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended + append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended user_namespace.enable=1 ipappend 2 menu end menu end @@ -140,7 +140,7 @@ menu begin Standard Security Profile Enabled (default setting) endtext kernel vmlinuz - append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=ttyS0,115200n8 inst.gpt security_profile=standard + append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1 ipappend 2 label S5 @@ -150,7 +150,7 @@ menu begin Extended Security Profile Enabled (will impact performance) endtext kernel vmlinuz - append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=ttyS0,115200n8 inst.gpt security_profile=extended + append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=ttyS0,115200n8 inst.gpt security_profile=extended user_namespace.enable=1 ipappend 2 menu end @@ -164,7 +164,7 @@ menu begin Standard Security Profile Enabled (default setting) endtext kernel vmlinuz - append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard + append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1 ipappend 2 label S6 @@ -174,7 +174,7 @@ menu begin Extended Security Profile Enabled (will impact performance) endtext kernel vmlinuz - append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended + append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended user_namespace.enable=1 ipappend 2 menu end menu end diff --git a/bsp-files/pxeboot_grub.cfg b/bsp-files/pxeboot_grub.cfg index 997d3cde..9e8aaeea 100644 --- a/bsp-files/pxeboot_grub.cfg +++ b/bsp-files/pxeboot_grub.cfg @@ -21,12 +21,12 @@ submenu 'UEFI Standard Controller' { submenu 'Serial Console' { menuentry 'STANDARD Security Boot Profile' { set root=${pxe_root} - linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard + linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1 initrdefi initrd.img } menuentry 'EXTENDED Security Boot Profile' { set root=${pxe_root} - linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true + linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true user_namespace.enable=1 initrdefi initrd.img } } @@ -34,12 +34,12 @@ submenu 'UEFI Standard Controller' { submenu 'Graphical Console' { menuentry 'STANDARD Security Boot Profile' { set root=${pxe_root} - linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard + linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1 initrdefi initrd.img } menuentry 'EXTENDED Security Boot Profile' { set root=${pxe_root} - linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true + linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true user_namespace.enable=1 initrdefi initrd.img } } @@ -50,12 +50,12 @@ submenu 'UEFI All-in-one Controller' { submenu 'Serial Console' { menuentry 'STANDARD Security Boot Profile' { set root=${pxe_root} - linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard + linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1 initrdefi initrd.img } menuentry 'EXTENDED Security Boot Profile' { set root=${pxe_root} - linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true + linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true user_namespace.enable=1 initrdefi initrd.img } } @@ -63,12 +63,12 @@ submenu 'UEFI All-in-one Controller' { submenu 'Graphical Console' { menuentry 'STANDARD Security Boot Profile' { set root=${pxe_root} - linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard + linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1 initrdefi initrd.img } menuentry 'EXTENDED Security Boot Profile' { set root=${pxe_root} - linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true + linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true user_namespace.enable=1 initrdefi initrd.img } } @@ -79,12 +79,12 @@ submenu 'UEFI All-in-one (lowlatency) Controller' { submenu 'Serial Console' { menuentry 'STANDARD Security Boot Profile' { set root=${pxe_root} - linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard + linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1 initrdefi initrd.img } menuentry 'EXTENDED Security Boot Profile' { set root=${pxe_root} - linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true + linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true user_namespace.enable=1 initrdefi initrd.img } } @@ -92,12 +92,12 @@ submenu 'UEFI All-in-one (lowlatency) Controller' { submenu 'Graphical Console' { menuentry 'STANDARD Security Boot Profile' { set root=${pxe_root} - linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard + linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1 initrdefi initrd.img } menuentry 'EXTENDED Security Boot Profile' { set root=${pxe_root} - linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true + linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true user_namespace.enable=1 initrdefi initrd.img } } diff --git a/installer/pxe-network-installer/centos/build_srpm.data b/installer/pxe-network-installer/centos/build_srpm.data index a3856e13..0c11c127 100644 --- a/installer/pxe-network-installer/centos/build_srpm.data +++ b/installer/pxe-network-installer/centos/build_srpm.data @@ -7,6 +7,6 @@ COPY_LIST="pxe-network-installer/* \ /import/mirrors/CentOS/tis-installer/vmlinuz-stx-0.2 \ " -TIS_PATCH_VER=26 +TIS_PATCH_VER=27 BUILD_IS_BIG=4 BUILD_IS_SLOW=4 diff --git a/installer/pxe-network-installer/pxe-network-installer/pxeboot-update.sh b/installer/pxe-network-installer/pxe-network-installer/pxeboot-update.sh index 222eda4d..4a2d6f83 100755 --- a/installer/pxe-network-installer/pxe-network-installer/pxeboot-update.sh +++ b/installer/pxe-network-installer/pxe-network-installer/pxeboot-update.sh @@ -157,6 +157,9 @@ fi # We now require GPT partitions for all disks regardless of size APPEND_OPTIONS="$APPEND_OPTIONS inst.gpt" +# Add k8s support for namespaces +APPEND_OPTIONS="$APPEND_OPTIONS user_namespace.enable=1" + if [ -n "$security_profile" ] then APPEND_OPTIONS="$APPEND_OPTIONS security_profile=$security_profile"