Update boot configs to match CentOS 7.5 kernel

To improve kubernetes support, update kernel to CentOS 7.5 version
and enable user namespaces in kernel bootargs.

Depends-On:  https://review.openstack.org/580689

Change-Id: I4d8620ea17a19a764c6627cd79eb548c79c56bfd
Signed-off-by: Jason McKenna <jason.mckenna@windriver.com>
Story: 2002761
Task: 22841
This commit is contained in:
jmckenna 2018-07-06 08:24:30 -04:00
parent 7be3b9085a
commit bb036defd6
9 changed files with 67 additions and 58 deletions

View File

@ -40,7 +40,7 @@ menu begin
endtext endtext
kernel vmlinuz kernel vmlinuz
initrd initrd.img initrd initrd.img
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
label S0 label S0
menu label EXTENDED Security Boot Profile menu label EXTENDED Security Boot Profile
@ -50,7 +50,7 @@ menu begin
endtext endtext
kernel vmlinuz kernel vmlinuz
initrd initrd.img initrd initrd.img
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
menu end menu end
# Graphical Console submenu # Graphical Console submenu
@ -64,7 +64,7 @@ menu begin
endtext endtext
kernel vmlinuz kernel vmlinuz
initrd initrd.img initrd initrd.img
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
label S1 label S1
menu label EXTENDED Security Boot Profile menu label EXTENDED Security Boot Profile
@ -74,7 +74,7 @@ menu begin
endtext endtext
kernel vmlinuz kernel vmlinuz
initrd initrd.img initrd initrd.img
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
menu end menu end
menu end menu end
@ -94,7 +94,7 @@ menu begin
endtext endtext
kernel vmlinuz kernel vmlinuz
initrd initrd.img initrd initrd.img
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
label S2 label S2
menu label EXTENDED Security Boot Profile menu label EXTENDED Security Boot Profile
@ -105,7 +105,7 @@ menu begin
kernel vmlinuz kernel vmlinuz
initrd initrd.img initrd initrd.img
# Security profile option # Security profile option
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
menu end menu end
# Graphical Console submenu # Graphical Console submenu
@ -119,7 +119,7 @@ menu begin
endtext endtext
kernel vmlinuz kernel vmlinuz
initrd initrd.img initrd initrd.img
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
label S3 label S3
menu label EXTENDED Security Boot Profile menu label EXTENDED Security Boot Profile
@ -129,7 +129,7 @@ menu begin
endtext endtext
kernel vmlinuz kernel vmlinuz
initrd initrd.img initrd initrd.img
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
menu end menu end
menu end menu end
@ -149,7 +149,7 @@ menu begin
endtext endtext
kernel vmlinuz kernel vmlinuz
initrd initrd.img initrd initrd.img
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
label S4 label S4
menu label EXTENDED Security Boot Profile menu label EXTENDED Security Boot Profile
@ -159,7 +159,7 @@ menu begin
endtext endtext
kernel vmlinuz kernel vmlinuz
initrd initrd.img initrd initrd.img
append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended append rootwait console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
menu end menu end
# Graphical Console submenu # Graphical Console submenu
@ -173,7 +173,7 @@ menu begin
endtext endtext
kernel vmlinuz kernel vmlinuz
initrd initrd.img initrd initrd.img
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=standard user_namespace.enable=1
label S5 label S5
menu label EXTENDED Security Boot Profile menu label EXTENDED Security Boot Profile
@ -183,6 +183,6 @@ menu begin
endtext endtext
kernel vmlinuz kernel vmlinuz
initrd initrd.img initrd initrd.img
append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended append rootwait console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 inst.gpt security_profile=extended user_namespace.enable=1
menu end menu end
menu end menu end

View File

@ -37,16 +37,16 @@ menuentry ' ' {
submenu 'UEFI Standard Controller Configuration' --id=standard { submenu 'UEFI Standard Controller Configuration' --id=standard {
submenu 'Serial Console' --id=serial { submenu 'Serial Console' --id=serial {
menuentry 'STANDARD Security Profile' --id=standard { menuentry 'STANDARD Security Profile' --id=standard {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
submenu 'EXTENDED Security Profile' --id=extended { submenu 'EXTENDED Security Profile' --id=extended {
menuentry 'Secure Boot Profile' --id=secureboot { menuentry 'Secure Boot Profile' --id=secureboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
menuentry 'Trusted Boot Profile' --id=tboot { menuentry 'Trusted Boot Profile' --id=tboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
} }
@ -54,16 +54,16 @@ submenu 'UEFI Standard Controller Configuration' --id=standard {
submenu 'Graphical Console' --id=graphical { submenu 'Graphical Console' --id=graphical {
menuentry 'STANDARD Security Profile' --id=standard { menuentry 'STANDARD Security Profile' --id=standard {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
submenu 'EXTENDED Security Profile' --id=extended { submenu 'EXTENDED Security Profile' --id=extended {
menuentry 'Secure Boot Profile' --id=secureboot { menuentry 'Secure Boot Profile' --id=secureboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
menuentry 'Trusted Boot Profile' --id=tboot { menuentry 'Trusted Boot Profile' --id=tboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 serial inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
} }
@ -79,16 +79,16 @@ menuentry ' '{
submenu 'UEFI All-in-one Controller Configuration' --id=aio { submenu 'UEFI All-in-one Controller Configuration' --id=aio {
submenu 'Serial Console' --id=serial { submenu 'Serial Console' --id=serial {
menuentry 'STANDARD Security Profile' --id=standard { menuentry 'STANDARD Security Profile' --id=standard {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
submenu 'EXTENDED Security Profile' --id=extended { submenu 'EXTENDED Security Profile' --id=extended {
menuentry 'Secure Boot Profile' --id=secureboot { menuentry 'Secure Boot Profile' --id=secureboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
menuentry 'Trusted Boot Profile' --id=tboot { menuentry 'Trusted Boot Profile' --id=tboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
} }
@ -96,16 +96,16 @@ submenu 'UEFI All-in-one Controller Configuration' --id=aio {
submenu 'Graphical Console' --id=graphical { submenu 'Graphical Console' --id=graphical {
menuentry 'STANDARD Security Profile' --id=standard { menuentry 'STANDARD Security Profile' --id=standard {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
submenu 'EXTENDED Security Profile' --id=extended { submenu 'EXTENDED Security Profile' --id=extended {
menuentry 'Secure Boot Profile' --id=secureboot { menuentry 'Secure Boot Profile' --id=secureboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
menuentry 'Trusted Boot Profile' --id=tboot { menuentry 'Trusted Boot Profile' --id=tboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
} }
@ -121,16 +121,16 @@ menuentry ' '{
submenu 'UEFI All-in-one (lowlatency) Controller Configuration' --id=aio-lowlat { submenu 'UEFI All-in-one (lowlatency) Controller Configuration' --id=aio-lowlat {
submenu 'Serial Console' --id=serial { submenu 'Serial Console' --id=serial {
menuentry 'STANDARD Security Profile' --id=standard { menuentry 'STANDARD Security Profile' --id=standard {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
submenu 'EXTENDED Security Profile' --id=extended { submenu 'EXTENDED Security Profile' --id=extended {
menuentry 'Secure Boot Profile' --id=secureboot { menuentry 'Secure Boot Profile' --id=secureboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
menuentry 'Trusted Boot Profile' --id=tboot { menuentry 'Trusted Boot Profile' --id=tboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=ttyS0,115200 inst.text serial inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
} }
@ -138,16 +138,16 @@ submenu 'UEFI All-in-one (lowlatency) Controller Configuration' --id=aio-lowlat
submenu 'Graphical Console' --id=graphical { submenu 'Graphical Console' --id=graphical {
menuentry 'STANDARD Security Profile' --id=standard { menuentry 'STANDARD Security Profile' --id=standard {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=standard user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
submenu 'EXTENDED Security Profile' --id=extended { submenu 'EXTENDED Security Profile' --id=extended {
menuentry 'Secure Boot Profile' --id=secureboot { menuentry 'Secure Boot Profile' --id=secureboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=false user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
menuentry 'Trusted Boot Profile' --id=tboot { menuentry 'Trusted Boot Profile' --id=tboot {
linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true linuxefi /vmlinuz inst.ks=hd:LABEL=oe_iso_boot:/smallsystem_lowlatency_ks.cfg boot_device=sda rootfs_device=sda biosdevname=0 usbcore.autosuspend=-1 console=tty0 inst.text inst.stage2=hd:LABEL=oe_iso_boot inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi /initrd.img initrdefi /initrd.img
} }
} }

View File

@ -79,7 +79,9 @@ then
KERN_OPTS="${KERN_OPTS} kvm-intel.eptad=0" KERN_OPTS="${KERN_OPTS} kvm-intel.eptad=0"
fi fi
KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" # k8s updates:
#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory"
KERN_OPTS="${KERN_OPTS} user_namespace.enable=1"
# Add kernel option to avoid jiffies_lock contention on real-time kernel # Add kernel option to avoid jiffies_lock contention on real-time kernel
if [[ "$subfunction" =~ lowlatency ]]; then if [[ "$subfunction" =~ lowlatency ]]; then

View File

@ -24,7 +24,9 @@ if [ $? -ne 0 ]; then
KERN_OPTS="${KERN_OPTS} biosdevname=0" KERN_OPTS="${KERN_OPTS} biosdevname=0"
fi fi
KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" # k8s updates
#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory"
KERN_OPTS="${KERN_OPTS} user_namespace.enable=1"
# If the installer asked us to use security related kernel params, use # If the installer asked us to use security related kernel params, use
# them in the grub line as well (until they can be configured via puppet) # them in the grub line as well (until they can be configured via puppet)

View File

@ -18,7 +18,9 @@ if [ $? -ne 0 ]; then
KERN_OPTS="${KERN_OPTS} biosdevname=0" KERN_OPTS="${KERN_OPTS} biosdevname=0"
fi fi
KERN_OPTS="${KERN_OPTS} cgroup_disable=memory" # k8s updates:
#KERN_OPTS="${KERN_OPTS} cgroup_disable=memory"
KERN_OPTS="${KERN_OPTS} user_namespace.enable=1"
# If the installer asked us to use security related kernel params, use # If the installer asked us to use security related kernel params, use
# them in the grub line as well (until they can be configured via puppet) # them in the grub line as well (until they can be configured via puppet)

View File

@ -36,7 +36,7 @@ menu begin
Standard Security Profile Enabled (default setting) Standard Security Profile Enabled (default setting)
endtext endtext
kernel vmlinuz kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
ipappend 2 ipappend 2
label S1 label S1
@ -46,7 +46,7 @@ menu begin
Extended Security Profile Enabled (will impact performance) Extended Security Profile Enabled (will impact performance)
endtext endtext
kernel vmlinuz kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended user_namespace.enable=1
ipappend 2 ipappend 2
menu end menu end
@ -60,7 +60,7 @@ menu begin
Standard Security Profile Enabled (default setting) Standard Security Profile Enabled (default setting)
endtext endtext
kernel vmlinuz kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
ipappend 2 ipappend 2
label S2 label S2
@ -70,7 +70,7 @@ menu begin
Extended Security Profile Enabled (will impact performance) Extended Security Profile Enabled (will impact performance)
endtext endtext
kernel vmlinuz kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended user_namespace.enable=1
ipappend 2 ipappend 2
menu end menu end
menu end menu end
@ -88,7 +88,7 @@ menu begin
Standard Security Profile Enabled (default setting) Standard Security Profile Enabled (default setting)
endtext endtext
kernel vmlinuz kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
ipappend 2 ipappend 2
label S3 label S3
@ -98,7 +98,7 @@ menu begin
Extended Security Profile Enabled (will impact performance) Extended Security Profile Enabled (will impact performance)
endtext endtext
kernel vmlinuz kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended user_namespace.enable=1
ipappend 2 ipappend 2
menu end menu end
@ -112,7 +112,7 @@ menu begin
Standard Security Profile Enabled (default setting) Standard Security Profile Enabled (default setting)
endtext endtext
kernel vmlinuz kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
ipappend 2 ipappend 2
label S4 label S4
@ -122,7 +122,7 @@ menu begin
Extended Security Profile Enabled (will impact performance) Extended Security Profile Enabled (will impact performance)
endtext endtext
kernel vmlinuz kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended user_namespace.enable=1
ipappend 2 ipappend 2
menu end menu end
menu end menu end
@ -140,7 +140,7 @@ menu begin
Standard Security Profile Enabled (default setting) Standard Security Profile Enabled (default setting)
endtext endtext
kernel vmlinuz kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=ttyS0,115200n8 inst.gpt security_profile=standard append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
ipappend 2 ipappend 2
label S5 label S5
@ -150,7 +150,7 @@ menu begin
Extended Security Profile Enabled (will impact performance) Extended Security Profile Enabled (will impact performance)
endtext endtext
kernel vmlinuz kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=ttyS0,115200n8 inst.gpt security_profile=extended append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=ttyS0,115200n8 inst.gpt security_profile=extended user_namespace.enable=1
ipappend 2 ipappend 2
menu end menu end
@ -164,7 +164,7 @@ menu begin
Standard Security Profile Enabled (default setting) Standard Security Profile Enabled (default setting)
endtext endtext
kernel vmlinuz kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
ipappend 2 ipappend 2
label S6 label S6
@ -174,7 +174,7 @@ menu begin
Extended Security Profile Enabled (will impact performance) Extended Security Profile Enabled (will impact performance)
endtext endtext
kernel vmlinuz kernel vmlinuz
append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended append initrd=initrd.img bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended user_namespace.enable=1
ipappend 2 ipappend 2
menu end menu end
menu end menu end

View File

@ -21,12 +21,12 @@ submenu 'UEFI Standard Controller' {
submenu 'Serial Console' { submenu 'Serial Console' {
menuentry 'STANDARD Security Boot Profile' { menuentry 'STANDARD Security Boot Profile' {
set root=${pxe_root} set root=${pxe_root}
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
initrdefi initrd.img initrdefi initrd.img
} }
menuentry 'EXTENDED Security Boot Profile' { menuentry 'EXTENDED Security Boot Profile' {
set root=${pxe_root} set root=${pxe_root}
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi initrd.img initrdefi initrd.img
} }
} }
@ -34,12 +34,12 @@ submenu 'UEFI Standard Controller' {
submenu 'Graphical Console' { submenu 'Graphical Console' {
menuentry 'STANDARD Security Boot Profile' { menuentry 'STANDARD Security Boot Profile' {
set root=${pxe_root} set root=${pxe_root}
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
initrdefi initrd.img initrdefi initrd.img
} }
menuentry 'EXTENDED Security Boot Profile' { menuentry 'EXTENDED Security Boot Profile' {
set root=${pxe_root} set root=${pxe_root}
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_controller.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi initrd.img initrdefi initrd.img
} }
} }
@ -50,12 +50,12 @@ submenu 'UEFI All-in-one Controller' {
submenu 'Serial Console' { submenu 'Serial Console' {
menuentry 'STANDARD Security Boot Profile' { menuentry 'STANDARD Security Boot Profile' {
set root=${pxe_root} set root=${pxe_root}
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
initrdefi initrd.img initrdefi initrd.img
} }
menuentry 'EXTENDED Security Boot Profile' { menuentry 'EXTENDED Security Boot Profile' {
set root=${pxe_root} set root=${pxe_root}
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi initrd.img initrdefi initrd.img
} }
} }
@ -63,12 +63,12 @@ submenu 'UEFI All-in-one Controller' {
submenu 'Graphical Console' { submenu 'Graphical Console' {
menuentry 'STANDARD Security Boot Profile' { menuentry 'STANDARD Security Boot Profile' {
set root=${pxe_root} set root=${pxe_root}
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
initrdefi initrd.img initrdefi initrd.img
} }
menuentry 'EXTENDED Security Boot Profile' { menuentry 'EXTENDED Security Boot Profile' {
set root=${pxe_root} set root=${pxe_root}
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi initrd.img initrdefi initrd.img
} }
} }
@ -79,12 +79,12 @@ submenu 'UEFI All-in-one (lowlatency) Controller' {
submenu 'Serial Console' { submenu 'Serial Console' {
menuentry 'STANDARD Security Boot Profile' { menuentry 'STANDARD Security Boot Profile' {
set root=${pxe_root} set root=${pxe_root}
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=standard user_namespace.enable=1
initrdefi initrd.img initrdefi initrd.img
} }
menuentry 'EXTENDED Security Boot Profile' { menuentry 'EXTENDED Security Boot Profile' {
set root=${pxe_root} set root=${pxe_root}
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text serial console=ttyS0,115200n8 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi initrd.img initrdefi initrd.img
} }
} }
@ -92,12 +92,12 @@ submenu 'UEFI All-in-one (lowlatency) Controller' {
submenu 'Graphical Console' { submenu 'Graphical Console' {
menuentry 'STANDARD Security Boot Profile' { menuentry 'STANDARD Security Boot Profile' {
set root=${pxe_root} set root=${pxe_root}
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=standard user_namespace.enable=1
initrdefi initrd.img initrdefi initrd.img
} }
menuentry 'EXTENDED Security Boot Profile' { menuentry 'EXTENDED Security Boot Profile' {
set root=${pxe_root} set root=${pxe_root}
linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true linuxefi vmlinuz bootifonly=1 devfs=nomount inst.repo=xxxHTTP_URLxxx inst.ks=xxxHTTP_URLxxx/pxeboot_smallsystem_lowlatency.cfg ksdevice=$net_default_mac BOOTIF=$net_default_mac boot_device=sda rootfs_device=sda biosdevname=0 inst.text console=tty0 inst.gpt security_profile=extended tboot=true user_namespace.enable=1
initrdefi initrd.img initrdefi initrd.img
} }
} }

View File

@ -7,6 +7,6 @@ COPY_LIST="pxe-network-installer/* \
/import/mirrors/CentOS/tis-installer/vmlinuz-stx-0.2 \ /import/mirrors/CentOS/tis-installer/vmlinuz-stx-0.2 \
" "
TIS_PATCH_VER=26 TIS_PATCH_VER=27
BUILD_IS_BIG=4 BUILD_IS_BIG=4
BUILD_IS_SLOW=4 BUILD_IS_SLOW=4

View File

@ -157,6 +157,9 @@ fi
# We now require GPT partitions for all disks regardless of size # We now require GPT partitions for all disks regardless of size
APPEND_OPTIONS="$APPEND_OPTIONS inst.gpt" APPEND_OPTIONS="$APPEND_OPTIONS inst.gpt"
# Add k8s support for namespaces
APPEND_OPTIONS="$APPEND_OPTIONS user_namespace.enable=1"
if [ -n "$security_profile" ] if [ -n "$security_profile" ]
then then
APPEND_OPTIONS="$APPEND_OPTIONS security_profile=$security_profile" APPEND_OPTIONS="$APPEND_OPTIONS security_profile=$security_profile"