@underpostnet/underpost 2.95.8 → 2.96.1

package/README.md

@@ -18,7 +18,7 @@
 
 <!-- badges -->
 
-[![Node.js CI](https://github.com/underpostnet/engine/actions/workflows/docker-image.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/docker-image.yml) [![Test](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml) [![Downloads](https://img.shields.io/npm/dm/underpost.svg)](https://www.npmjs.com/package/underpost) [![Socket Badge](https://socket.dev/api/badge/npm/package/underpost/2.95.8)](https://socket.dev/npm/package/underpost/overview/2.95.8) [![Coverage Status](https://coveralls.io/repos/github/underpostnet/engine/badge.svg?branch=master)](https://coveralls.io/github/underpostnet/engine?branch=master) [![Version](https://img.shields.io/npm/v/underpost.svg)](https://www.npmjs.org/package/underpost) [![License](https://img.shields.io/npm/l/underpost.svg)](https://www.npmjs.com/package/underpost)
+[![Node.js CI](https://github.com/underpostnet/engine/actions/workflows/docker-image.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/docker-image.yml) [![Test](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml) [![Downloads](https://img.shields.io/npm/dm/underpost.svg)](https://www.npmjs.com/package/underpost) [![Socket Badge](https://socket.dev/api/badge/npm/package/underpost/2.96.1)](https://socket.dev/npm/package/underpost/overview/2.96.1) [![Coverage Status](https://coveralls.io/repos/github/underpostnet/engine/badge.svg?branch=master)](https://coveralls.io/github/underpostnet/engine?branch=master) [![Version](https://img.shields.io/npm/v/underpost.svg)](https://www.npmjs.org/package/underpost) [![License](https://img.shields.io/npm/l/underpost.svg)](https://www.npmjs.com/package/underpost)
 
 <!-- end-badges -->
 
@@ -66,7 +66,7 @@ Run dev client server
 npm run dev
 ```
 <!-- -->
-## underpost ci/cd cli v2.95.8
+## underpost ci/cd cli v2.96.1
 
 ### Usage: `underpost [options] [command]`
   ```

package/baremetal/commission-workflows.json

@@ -0,0 +1,44 @@
+{
+  "rpi4mb": {
+    "menuentryStr": "UNDERPOST.NET UEFI/GRUB/MAAS RPi4 commissioning (ARM64)",
+    "systemProvisioning": "ubuntu",
+    "kernelLibVersion": "6.8.0-41-generic",
+    "networkInterfaceName": "enabcm6e4ei0",
+    "netmask": "255.255.255.0",
+    "firmwares": [
+      {
+        "url": "https://github.com/pftf/RPi4/releases/download/v1.41/RPi4_UEFI_Firmware_v1.41.zip",
+        "gateway": "192.168.1.1",
+        "subnet": "255.255.255.0"
+      }
+    ],
+    "chronyc": {
+      "timezone": "America/New_York",
+      "chronyConfPath": "/etc/chrony/chrony.conf"
+    },
+    "debootstrap": {
+      "image": {
+        "architecture": "arm64",
+        "name": "noble"
+      }
+    },
+    "maas": {
+      "image": {
+        "architecture": "arm64/ga-24.04",
+        "name": "ubuntu/noble"
+      }
+    },
+    "nfs": {
+      "mounts": {
+        "bind": [
+          "/proc",
+          "/sys",
+          "/run"
+        ],
+        "rbind": [
+          "/dev"
+        ]
+      }
+    }
+  }
+}

package/baremetal/packer-workflows.json

@@ -0,0 +1,24 @@
+{
+  "Rocky9Amd64": {
+    "dir": "packer/images/Rocky9Amd64",
+    "maas": {
+      "name": "custom/rocky9",
+      "title": "Rocky 9 Custom",
+      "architecture": "amd64/generic",
+      "base_image": "rhel/9",
+      "filetype": "tgz",
+      "content": "rocky9.tar.gz"
+    }
+  },
+  "Rocky9Arm64": {
+    "dir": "packer/images/Rocky9Arm64",
+    "maas": {
+      "name": "custom/rocky9-arm64",
+      "title": "Rocky 9 Arm64 Custom",
+      "architecture": "arm64/generic",
+      "base_image": "rhel/9",
+      "filetype": "tgz",
+      "content": "rocky9.tar.gz"
+    }
+  }
+}

package/cli.md

@@ -1,4 +1,4 @@
-## underpost ci/cd cli v2.95.8
+## underpost ci/cd cli v2.96.1
 
 ### Usage: `underpost [options] [command]`
   ```
@@ -268,14 +268,16 @@ Options:
 Manages Underpost configurations using various operators.
 
 Arguments:
-  operator    The configuration operation to perform. Options: set, delete,
-              get, list, clean.
-  key         Optional: The specific configuration key to manage.
-  value       Optional: The value to set for the configuration key.
+  operator            The configuration operation to perform. Options: set,
+                      delete, get, list, clean.
+  key                 Optional: The specific configuration key to manage.
+  value               Optional: The value to set for the configuration key.
 
 Options:
-  --plain     Prints the configuration value in plain text.
-  -h, --help  display help for command
+  --plain             Prints the configuration value in plain text.
+  --filter <keyword>  Filters the list by matching key or value (only for list
+                      operation).
+  -h, --help          display help for command
  
 ```
   
@@ -898,30 +900,26 @@ Manages baremetal server operations, including installation, database setup,
 commissioning, and user management.
 
 Options:
-  --control-server-install       Installs the baremetal control server.
-  --control-server-uninstall     Uninstalls the baremetal control server.
-  --control-server-db-install    Installs up the database for the baremetal
-                                 control server.
-  --control-server-db-uninstall  Uninstalls the database for the baremetal
-                                 control server.
-  --commission                   Init workflow for commissioning a physical
-                                 machine.
-  --nfs-build                    Builds an NFS root filesystem for a workflow
-                                 id config architecture using QEMU emulation.
-  --nfs-mount                    Mounts the NFS root filesystem for a workflow
-                                 id config architecture.
-  --nfs-unmount                  Unmounts the NFS root filesystem for a
-                                 workflow id config architecture.
-  --nfs-sh                       Copies QEMU emulation root entrypoint shell
-                                 command to the clipboard.
-  --cloud-init-update            Updates cloud init for a workflow id config
-                                 architecture.
-  --logs <log-id>                Displays logs for log id: dhcp, cloud,
-                                 machine, cloud-config.
-  --dev                          Sets the development context environment for
-                                 baremetal operations.
-  --ls                           Lists available boot resources and machines.
-  -h, --help                     display help for command
+  --control-server-install                      Installs the baremetal control server.
+  --control-server-uninstall                    Uninstalls the baremetal control server.
+  --control-server-db-install                   Installs up the database for the baremetal control server.
+  --control-server-db-uninstall                 Uninstalls the database for the baremetal control server.
+  --install-packer                              Installs Packer CLI.
+  --packer-maas-image-template <template-path>  Creates a new image folder from canonical/packer-maas template path (requires workflow-id).
+  --packer-workflow-id <workflow-id>            Specifies the workflow ID for Packer MAAS image operations.
+  --packer-maas-image-build                     Builds a MAAS image using Packer for the workflow specified by --packer-workflow-id.
+  --packer-maas-image-upload                    Uploads an existing MAAS image artifact without rebuilding for the workflow specified by --packer-workflow-id.
+  --packer-maas-image-cached                    Continue last build without removing artifacts (used with --packer-maas-image-build).
+  --commission                                  Init workflow for commissioning a physical machine.
+  --nfs-build                                   Builds an NFS root filesystem for a workflow id config architecture using QEMU emulation.
+  --nfs-mount                                   Mounts the NFS root filesystem for a workflow id config architecture.
+  --nfs-unmount                                 Unmounts the NFS root filesystem for a workflow id config architecture.
+  --nfs-sh                                      Copies QEMU emulation root entrypoint shell command to the clipboard.
+  --cloud-init-update                           Updates cloud init for a workflow id config architecture.
+  --logs <log-id>                               Displays logs for log id: dhcp, cloud, machine, cloud-config.
+  --dev                                         Sets the development context environment for baremetal operations.
+  --ls                                          Lists available boot resources and machines.
+  -h, --help                                    display help for command
  
 ```
   

package/manifests/deployment/dd-default-development/deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: dd-default-development-blue
-          image: localhost/rockylinux9-underpost:v2.95.8
+          image: localhost/rockylinux9-underpost:v2.96.1
           #          resources:
           #            requests:
           #              memory: "124Ki"
@@ -100,7 +100,7 @@ spec:
     spec:
       containers:
         - name: dd-default-development-green
-          image: localhost/rockylinux9-underpost:v2.95.8
+          image: localhost/rockylinux9-underpost:v2.96.1
           #          resources:
           #            requests:
           #              memory: "124Ki"

package/manifests/deployment/dd-test-development/deployment.yaml

@@ -18,7 +18,7 @@ spec:
     spec:
       containers:
         - name: dd-test-development-blue
-          image: localhost/rockylinux9-underpost:v2.95.8
+          image: localhost/rockylinux9-underpost:v2.96.1
 
           command:
             - /bin/sh
@@ -103,7 +103,7 @@ spec:
     spec:
       containers:
         - name: dd-test-development-green
-          image: localhost/rockylinux9-underpost:v2.95.8
+          image: localhost/rockylinux9-underpost:v2.96.1
 
           command:
             - /bin/sh

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "@underpostnet/underpost",
-    "version": "2.95.8",
+    "version": "2.96.1",
     "description": "pwa api rest template",
     "scripts": {
         "start": "env-cmd -f .env.production node --max-old-space-size=8192 src/server",

package/packer/images/Rocky9Amd64/Makefile

@@ -0,0 +1,62 @@
+#!/usr/bin/make -f
+
+include ../scripts/check.mk
+
+PACKER ?= packer
+PACKER_LOG ?= 0
+TIMEOUT ?= 1h
+ARCH ?= x86_64
+
+# Detect if running on ARM host
+ifeq ($(shell uname -m),aarch64)
+    HOST_IS_ARM = true
+else
+    HOST_IS_ARM = false
+endif
+
+ifeq ($(wildcard /usr/share/OVMF/OVMF_CODE.fd),)
+	OVMF_SFX ?= _4M
+else
+	OVMF_SFX ?=
+endif
+
+export PACKER_LOG
+
+# Fallback
+ifeq ($(strip $(ARCH)),amd64)
+	ARCH = x86_64
+endif
+
+.PHONY: all clean
+
+all: rocky9.tar.gz
+
+$(eval $(call check_packages_deps))
+
+lint:
+	packer validate .
+	packer fmt -check -diff .
+
+format:
+	packer fmt .
+
+OVMF_VARS.fd: /usr/share/OVMF/OVMF_VARS${OVMF_SFX}.fd
+	cp -v $< ${ARCH}_VARS.fd
+
+SIZE_VARS.fd:
+ifeq ($(strip $(ARCH)),aarch64)
+	truncate -s 64m ${ARCH}_VARS.fd
+else
+	truncate -s 2m ${ARCH}_VARS.fd
+endif
+
+rocky9.tar.gz: check-deps clean OVMF_VARS.fd SIZE_VARS.fd
+	${PACKER} init rocky9.pkr.hcl && ${PACKER} build \
+		-var architecture=${ARCH} \
+		-var host_is_arm=${HOST_IS_ARM} \
+		-var timeout=${TIMEOUT} \
+		-var ovmf_suffix=${OVMF_SFX} \
+		rocky9.pkr.hcl
+
+clean:
+	${RM} -rf *.fd output-rocky9 rocky9.tar.gz

package/packer/images/Rocky9Amd64/QUICKSTART.md

@@ -0,0 +1,113 @@
+# Quick Start Guide - Rocky9 MAAS Image Build
+
+## Prerequisites Check
+
+Run these commands to verify your system is ready:
+
+```bash
+# Check hardware virtualization
+egrep -c '(vmx|svm)' /proc/cpuinfo  # Should be > 0
+
+# Check libvirt
+systemctl status libvirtd
+
+# Check QEMU
+qemu-system-x86_64 --version
+
+# Check Packer
+packer version
+```
+
+## Build Commands
+
+```bash
+# From the engine root directory
+cd /home/dd/engine
+
+# Option 1: Build and Upload (recommended)
+node bin baremetal --dev --packer-workflow-id Rocky9Amd64 --packer-maas-image-build
+
+# Option 2: Upload Only (skip rebuild, use existing artifact)
+node bin baremetal --dev --packer-workflow-id Rocky9Amd64 --packer-maas-image-upload
+
+# Option 3: Manual build
+cd packer/images/Rocky9Amd64
+packer init .
+PACKER_LOG=1 packer build .
+```
+
+## Build Process Timeline
+
+- **Download ISO**: ~5-10 minutes (1.3GB)
+- **VM Installation**: ~20-40 minutes
+- **Post-processing**: ~5-10 minutes
+- **Total**: ~30-60 minutes
+
+## Output
+
+The build produces:
+- `rocky9.tar.gz` - The MAAS-ready image (~1.2GB)
+
+## Upload to MAAS
+
+After successful build, upload happens automatically. To re-upload:
+
+```bash
+# Option 1: Use the CLI (recommended, includes MAAS profile auto-detection)
+node bin baremetal --dev --packer-workflow-id Rocky9Amd64 --packer-maas-image-upload
+
+# Option 2: Use the upload script directly
+./scripts/maas-upload-boot-resource.sh maas \
+  custom/rocky9 \
+  "Rocky 9 Custom" \
+  amd64/generic \
+  rhel/9 \
+  tgz \
+  packer/images/Rocky9Amd64/rocky9.tar.gz
+```
+
+### Upload-Only Flag Benefits
+
+The `--packer-maas-image-upload` flag allows you to:
+- ⚡ **Skip rebuild** - Saves 30-60 minutes
+- 💾 **Reuse artifacts** - Uses existing 1.2GB tarball
+- 🔄 **Retry uploads** - Re-upload if upload failed
+- 🎯 **Test uploads** - Upload to different MAAS instances
+
+## Common Issues
+
+### "No checksum found"
+✅ Fixed - ISO URL now uses Rocky-9-latest naming
+
+### "qemu-system-x86_64 not found"  
+✅ Fixed - Symlink created to /usr/libexec/qemu-kvm
+
+### "OVMF_CODE.fd not found"
+✅ Fixed - OVMF symlinks created
+
+### Build hangs or times out
+- Check system resources (RAM, CPU)
+- Verify network connectivity
+- Check logs: `packer_cache/` and console output
+
+## Monitoring Build Progress
+
+Watch the Packer output for:
+```
+==> qemu.rocky9: Downloading ISO...
+==> qemu.rocky9: Starting HTTP server on port...
+==> qemu.rocky9: Starting VM...
+==> qemu.rocky9: Waiting for shutdown...
+==> qemu.rocky9: Converting image...
+```
+
+## Clean Up After Build
+
+```bash
+# Remove build artifacts (keep only the tarball)
+cd packer/images/Rocky9Amd64
+rm -rf output-rocky9 packer_cache x86_64_VARS.fd
+
+# Disconnect NBD devices if build failed
+for i in {0..15}; do sudo qemu-nbd -d /dev/nbd${i} 2>/dev/null; done
+```

package/packer/images/Rocky9Amd64/README.md

@@ -0,0 +1,122 @@
+# Rocky 9 Packer template for MAAS
+
+## Introduction
+
+The Packer template in this directory creates a Rocky 9 AMD64/ARM64 image for use with MAAS.
+
+## Prerequisites to create the image
+
+* A machine running Ubuntu 22.04+ with the ability to run KVM virtual machines.
+* qemu-utils, libnbd-bin, nbdkit and fuse2fs
+* qemu-system
+* qemu-system-modules-spice (If building on Ubuntu 24.04 LTS "Noble")
+* ovmf
+* cloud-image-utils
+* parted
+* [Packer.](https://www.packer.io/intro/getting-started/install.html), v1.11.0 or newer
+
+## Requirements to deploy the image
+
+* [MAAS](https://maas.io) 3.3 or later, as that version introduces support for Rocky
+* [Curtin](https://launchpad.net/curtin) 22.1. If you have a MAAS with an earlier Curtin version, you can [patch](https://code.launchpad.net/~xnox/curtin/+git/curtin/+merge/415604) distro.py to deploy Rocky.
+
+## Customizing the image
+
+You can customize the deployment image by modifying http/rocky.ks. See the [RHEL kickstart documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/performing_an_advanced_rhel_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#part-or-partition_kickstart-commands-for-handling-storage) for more information.
+
+## Building the image using a proxy
+
+The Packer template downloads the Rocky ISO image from the Internet. You can tell Packer to use a proxy by setting the HTTP_PROXY environment variable to point to your proxy server. You can also redefine rocky_iso_url to a local file. If you want to skip the base image integrity check, set iso_checksum_type to none and remove iso_checksum.
+
+To use a proxy during the installation define the `KS_PROXY` variable in the environment, as bellow:
+
+```shell
+export KS_PROXY="\"${HTTP_PROXY}\""
+```
+
+# Building the image using a kickstart mirror
+
+To tell Packer to use a specific mirror set the `KS_MIRROR` environment variable
+poiniting to the mirror URL.
+
+```shell
+export KS_MIRROR="https://dl.rockylinux.org/pub/rocky/9"
+```
+
+## Building an image
+
+You can build the image using the Makefile:
+
+```shell
+make
+```
+
+You can also manually run packer. Set your current working directory to packer-maas/rocky9, where this file resides, and generate an image with:
+
+```shell
+packer init
+PACKER_LOG=1 packer build .
+```
+
+The installation runs in a non-interactive mode.
+
+Note: rocky9.pkr.hcl runs Packer in headless mode, with the serial port output from qemu redirected to stdio to give feedback on image creation process. If you wish to see more, change the value of `headless` to `false` in rocky9.pkr.hcl, remove `[ "-serial", "stdio" ]` from `qemuargs` section and select `View`, then `serial0` in the qemu window that appears during build. This lets you watch progress of the image build script. Press `ctrl-b 2` to switch to shell to explore more, and `ctrl-b 1` to go back to log view.
+
+### Makefile Parameters
+
+#### ARCH
+
+Defaults to x86_64 to build AMD64 compatible images. In order to build ARM64 images, use ARCH=aarch64
+
+#### TIMEOUT
+
+The timeout to apply when building the image. The default value is set to 1h.
+
+## Uploading an image to MAAS
+
+```shell
+maas $PROFILE boot-resources create name='custom/rocky9' \
+    title='Rocky 9 Custom' architecture='amd64/generic' \
+    base_image='rhel/9' filetype='tgz' \
+    content@=rocky9.tar.gz
+```
+
+For ARM64, use:
+
+```shell
+maas $PROFILE boot-resources create name='custom/rocky9' \
+    title='Rocky 9 Custom' architecture='arm64/generic' \
+    base_image='rhel/9' filetype='tgz' \
+    content@=rocky9.tar.gz
+```
+
+Please note that, currently due to lack of support in curtin, deploying ARM64 images needs a preseed file. This is due to [LP# 2090874](https://bugs.launchpad.net/curtin/+bug/2090874) and currently is in the process of getting fixed.
+
+```
+#cloud-config
+debconf_selections:
+ maas: |
+  {{for line in str(curtin_preseed).splitlines()}}
+  {{line}}
+  {{endfor}}
+
+extract_commands:
+  grub_install: curtin in-target -- cp -v /boot/efi/EFI/rocky/shimaa64.efi /boot/efi/EFI/rocky/shimx64.efi
+
+late_commands:
+  maas: [wget, '--no-proxy', '{{node_disable_pxe_url}}', '--post-data', '{{node_disable_pxe_data}}', '-O', '/dev/null']
+  bootloader_01: ["curtin", "in-target", "--", "cp", "-v", "/boot/efi/EFI/rocky/shimaa64.efi", "/boot/efi/EFI/BOOT/bootaa64.efi"]
+  bootloader_02: ["curtin", "in-target", "--", "cp", "-v", "/boot/efi/EFI/rocky/grubaa64.efi", "/boot/efi/EFI/BOOT/"]
+```
+
+This file needs to be saved on Region Controllers under /var/snap/maas/current/preseeds/curtin_userdata_custom_arm64_generic_rocky9 or /etc/maas/preseeds/curtin_userdata_custom_arm64_generic_rocky9. The last portion of this file must match the image name uploaded in MAAS.
+
+## Default username
+
+MAAS uses cloud-init to create ```cloud-user``` account using the ssh keys configured for the MAAS admin user (e.g. imported from Launchpad). Log in to the machine:
+
+```shell
+ssh -i ~/.ssh/<your_identity_file> cloud-user@<machine-ip-address>
+```
+
+Next to that, the kickstart script creates an account with both username and password set to  ```rocky```. Note that the default sshd configuration in Rocky 9 disallows password-based authentication when logging in via ssh, so trying `ssh rocky@<machine-ip-address>` will fail. Password-based authentication can be enabled by having `PasswordAuthentication yes` in /etc/ssh/sshd_config after logging in with ```cloud-user```. Perhaps there is a way to make that change using kickstart script, but it is not obvious as ```anaconda```, the installer, makes its own changes to sshd_config file during installation. If you know how to do this, a PR is welcome.

package/packer/images/Rocky9Amd64/http/rocky9.ks.pkrtpl.hcl

@@ -0,0 +1,114 @@
+url ${KS_OS_REPOS} ${KS_PROXY}
+repo --name="AppStream" ${KS_APPSTREAM_REPOS} ${KS_PROXY}
+repo --name="Extras" ${KS_EXTRAS_REPOS} ${KS_PROXY}
+
+eula --agreed
+
+# Turn off after installation
+poweroff
+
+# Do not start the Inital Setup app
+firstboot --disable
+
+# System language, keyboard and timezone
+lang en_US.UTF-8
+keyboard us
+timezone UTC --utc
+
+# Set the first NIC to acquire IPv4 address via DHCP
+network --device eth0 --bootproto=dhcp
+# Enable firewal, let SSH through
+firewall --enabled --service=ssh
+# Enable SELinux with default enforcing policy
+selinux --enforcing
+
+# Do not set up XX Window System
+skipx
+
+# Initial disk setup
+# Use the first paravirtualized disk
+ignoredisk --only-use=vda
+# No need for bootloader
+bootloader --disabled
+# Wipe invalid partition tables
+zerombr
+# Erase all partitions and assign default labels
+clearpart --all --initlabel
+# Initialize the primary root partition with ext4 filesystem
+part / --size=1 --grow --asprimary --fstype=ext4
+
+# Set root password
+rootpw --plaintext password
+
+# Add a user named packer
+user --groups=wheel --name=rocky --password=rocky --plaintext --gecos="rocky"
+
+%post --erroronfail
+# workaround anaconda requirements and clear root password
+passwd -d root
+passwd -l root
+
+# Clean up install config not applicable to deployed environments.
+for f in resolv.conf fstab; do
+    rm -f /etc/$f
+    touch /etc/$f
+    chown root:root /etc/$f
+    chmod 644 /etc/$f
+done
+
+rm -f /etc/sysconfig/network-scripts/ifcfg-[^lo]*
+
+# Kickstart copies install boot options. Serial is turned on for logging with
+# Packer which disables console output. Disable it so console output is shown
+# during deployments
+sed -i 's/^GRUB_TERMINAL=.*/GRUB_TERMINAL_OUTPUT="console"/g' /etc/default/grub
+sed -i '/GRUB_SERIAL_COMMAND="serial"/d' /etc/default/grub
+sed -ri 's/(GRUB_CMDLINE_LINUX=".*)\s+console=ttyS0(.*")/\1\2/' /etc/default/grub
+sed -i 's/GRUB_ENABLE_BLSCFG=.*/GRUB_ENABLE_BLSCFG=false/g' /etc/default/grub
+
+dnf clean all
+
+# Passwordless sudo for the user 'rocky'
+echo "rocky ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/rocky
+chmod 440 /etc/sudoers.d/rocky
+
+#---- Optional - Install your SSH key ----
+# mkdir -m0700 /home/rocky/.ssh/
+#
+# cat <<EOF >/home/rocky/.ssh/authorized_keys
+# ssh-rsa <your_public_key_here> you@your.domain
+# EOF
+#
+### set permissions
+# chmod 0600 /home/rocky/.ssh/authorized_keys
+#
+#### fix up selinux context
+# restorecon -R /home/rocky/.ssh/
+
+%end
+
+%packages  --ignoremissing
+@core
+bash-completion
+cloud-init
+cloud-utils-growpart
+rsync
+tar
+patch
+yum-utils
+grub2-pc
+grub2-efi-*
+shim-*
+grub2-efi-*-modules
+efibootmgr
+dosfstools
+lvm2
+mdadm
+device-mapper-multipath
+iscsi-initiator-utils
+-plymouth
+# Remove ALSA firmware
+-a*-firmware
+# Remove Intel wireless firmware
+-i*-firmware
+%end