Update Autoyast SSSD conf (AutomatedLab#1769)

* Update Autoyast SSSD conf

* smb-client stopped working

* Suppress output

* Cannot recycle attributes

* Ensure Suse dependencies part of config

* Lets try without validation

* Remove Samba in favor of adcli

* Simplify namespace

* Add XML node types

* Implent YAST sychronous command

* Distinguish package and pattern

* Ensure no duplicates

* Closing tags

* Use short-hand attribute

* Yast seems to require ISO

* Ensure DVD is mounted

* Package not Pattern

* Ensure FQDN is used to aid realm discovery

* Ensure software selection can include sssd

* Include NSM

* Include NSM

* Fix repo URls

* Restore node attribute

* DomJoin required samba still

* Autobootloader

* Move pwhs install

* Include link to supported Linux versions

* Fix typo

* Use RPM to ignore dependenceies

* Remove product dir

* Add linuxrc config

---------

Co-authored-by: Jan-Hendrik Peters <nyanhp@noreply.codeberg.org>

Author: nyanhp

AutomatedLabDefinition/internal/scripts/Initialization.ps1

@@ -463,140 +463,133 @@ clearpart --all
 autopart
 "@
 
+# Big XML, replace SUSEVERSION with Major.Minor and Codename with e.g. Leap
+# Tumbleweed has different repos (only non-oss and update with urls like https://download.opensuse.org/update/tumbleweed/)
+# Tumbleweed uses selinux instead of apparmor, bootload should be security=selinux selinux=1
+# SecureBoot can remain on, even if off or gen1
 $autoyastContent = @"
 <?xml version="1.0"?>
 <!DOCTYPE profile>
 <profile
   xmlns="http://www.suse.com/1.0/yast2ns"
   xmlns:config="http://www.suse.com/1.0/configns">
-  <general>
-  <signature-handling>
-    <accept_unsigned_file config:type="boolean">true</accept_unsigned_file>
-    <accept_file_without_checksum config:type="boolean">true</accept_file_without_checksum>
-    <accept_verification_failed config:type="boolean">true</accept_verification_failed>
-    <accept_unknown_gpg_key config:type="boolean">true</accept_unknown_gpg_key>
-    <import_gpg_key config:type="boolean">true</import_gpg_key>
-    <accept_non_trusted_gpg_key config:type="boolean">true</accept_non_trusted_gpg_key>
+  <general t="map">
+    <signature-handling t="map">
+      <accept_unsigned_file t="boolean">true</accept_unsigned_file>
+      <accept_file_without_checksum t="boolean">true</accept_file_without_checksum>
+      <accept_verification_failed t="boolean">true</accept_verification_failed>
+      <accept_unknown_gpg_key t="boolean">true</accept_unknown_gpg_key>
+      <import_gpg_key t="boolean">true</import_gpg_key>
+      <accept_non_trusted_gpg_key t="boolean">true</accept_non_trusted_gpg_key>
     </signature-handling>
-    <self_update config:type="boolean">false</self_update>
-  <mode>
-    <halt config:type="boolean">false</halt>
-    <forceboot config:type="boolean">false</forceboot>
-    <final_reboot config:type="boolean">true</final_reboot>
-    <final_halt config:type="boolean">false</final_halt>
-    <confirm_base_product_license config:type="boolean">false</confirm_base_product_license>
-    <confirm config:type="boolean">false</confirm>
-    <second_stage config:type="boolean">true</second_stage>
+    <self_update t="boolean">false</self_update>
+  <mode t="map">
+    <halt t="boolean">false</halt>
+    <forceboot t="boolean">false</forceboot>
+    <final_reboot t="boolean">true</final_reboot>
+    <final_halt t="boolean">false</final_halt>
+    <confirm_base_product_license t="boolean">false</confirm_base_product_license>
+    <confirm t="boolean">false</confirm>
+    <second_stage t="boolean">true</second_stage>
   </mode>
   </general>
-  <partitioning config:type="list">
-    <drive>
-        <disklabel>gpt</disklabel>
-        <device>/dev/sda</device>
-        <use>free</use>
-        <partitions config:type="list">
-            <partition>
-                <filesystem config:type="symbol">vfat</filesystem>
-                <mount>/boot</mount>
-                <size>1G</size>
-            </partition>
-            <partition>
-                <filesystem config:type="symbol">vfat</filesystem>
-                <mount>/boot/efi</mount>
-                <size>1G</size>
-            </partition>
-            <partition>
-                <filesystem config:type="symbol">swap</filesystem>
-                <mount>/swap</mount>
-                <size>auto</size>
-            </partition>
-            <partition>
-                <filesystem config:type="symbol">ext4</filesystem>
-                <mount>/</mount>
-                <size>auto</size>
-            </partition>
-        </partitions>
-    </drive>
-</partitioning>
-<bootloader>
-  <loader_type>grub2-efi</loader_type>
-  <global>
-    <activate config:type="boolean">true</activate>
-    <boot_boot>true</boot_boot>
-  </global>
- </bootloader>
-<language>
+<language t="map">
     <language>en_US</language>
 </language>
-<timezone>
+<timezone t="map">
 <!-- https://raw.githubusercontent.com/yast/yast-country/master/timezone/src/data/timezone_raw.ycp -->
     <hwclock>UTC</hwclock>
     <timezone>ETC/GMT</timezone>
 </timezone>
-<keyboard>
+<keyboard t="map">
 <!-- https://raw.githubusercontent.com/yast/yast-country/master/keyboard/src/data/keyboard_raw.ycp -->
     <keymap>english-us</keymap>
 </keyboard>
-<software>
-    <patterns config:type="list">
+<add-on t="map">
+    <add_on_others t="list">
+        <listentry t="map">
+            <alias>repo-backports-update</alias>
+            <media_url>http://download.opensuse.org/update/leap/SUSEVERSION/backports/</media_url>
+            <name>Backports Update</name>
+            <priority t="integer">3</priority>
+        </listentry>
+        <listentry t="map">
+            <alias>repo-non-oss</alias>
+            <media_url>http://download.opensuse.org/distribution/leap/SUSEVERSION/repo/non-oss/</media_url>
+            <name>Non-OSS Repository</name>
+            <priority t="integer">2</priority>
+        </listentry>
+        <listentry t="map">
+            <alias>repo-sle-update</alias>
+            <media_url>http://download.opensuse.org/update/leap/SUSEVERSION/sle/</media_url>
+            <name>Update from SLES</name>
+            <priority t="integer">1</priority>
+        </listentry>
+        <listentry t="map">
+            <alias>repo-update</alias>
+            <media_url>http://download.opensuse.org/update/leap/SUSEVERSION/oss/</media_url>
+            <name>Main Update Repository</name>
+            <priority t="integer">4</priority>
+        </listentry>
+        <listentry t="map">
+            <alias>repo-updatenon-oss</alias>
+            <media_url>http://download.opensuse.org/update/leap/SUSEVERSION/non-oss/</media_url>
+            <name>Non-OSS Update Repository</name>
+            <priority t="integer">5</priority>
+        </listentry>
+    </add_on_others>
+</add-on>
+<software t="map">
+    <patterns t="list">
     <pattern>base</pattern>
     <pattern>enhanced_base</pattern>
   </patterns>
-  <install_recommended config:type="boolean">true</install_recommended>
-  <packages config:type="list">
+  <install_recommended t="boolean">true</install_recommended>
+  <do_online_update t="boolean">false</do_online_update>
+  <packages t="list">
     <package>iputils</package>
     <package>vim</package>
     <package>less</package>
   </packages>
 </software>
-<services-manager>
+<services-manager t="map">
   <default_target>multi-user</default_target>
   <services>
-    <enable config:type="list">
+    <enable t="list">
       <service>sshd</service>
     </enable>
   </services>
 </services-manager>
-<networking>
-<interfaces config:type="list">
+<networking t="map">
+<backend>wicked</backend>
+<setup_before_proposal t="boolean">true</setup_before_proposal>
+<start_immediately config:type="boolean">true</start_immediately>
+<interfaces t="list">
 </interfaces>
-<net-udev config:type="list">
+<net-udev t="list">
 </net-udev>
-<dns>
-    <nameservers config:type="list">
+<dns t="map">
+    <nameservers t="list">
     </nameservers>
 </dns>
-<routing>
-<routes config:type="list">
+<routing t="map">
+<routes t="list">
 </routes>
 </routing>
 </networking>
-<users config:type="list">
+<users t="list">
   <user>
     <username>root</username>
     <user_password>Password1</user_password>
-    <encrypted config:type="boolean">false</encrypted>
+    <encrypted t="boolean">false</encrypted>
   </user>
   </users>
-<firewall>
-  <enable_firewall config:type="boolean">true</enable_firewall>
-  <start_firewall config:type="boolean">true</start_firewall>
+<firewall t="map">
+  <enable_firewall t="boolean">true</enable_firewall>
+  <start_firewall t="boolean">true</start_firewall>
 </firewall>
-<scripts>
-    <init-scripts config:type="list">
-      <script>
-        <source>
-        <![CDATA[
-            rpm --import https://packages.microsoft.com/keys/microsoft.asc
-            rpm -Uvh https://packages.microsoft.com/config/sles/12/packages-microsoft-prod.rpm
-            zypper update
-            zypper -f -v install powershell omi openssl
-            systemctl enable omid
-            echo "Subsystem powershell /usr/bin/pwsh -sshs -NoLogo" >> /etc/ssh/sshd_config
-            systemctl restart sshd
-        ]]>
-        </source>
-      </script>
+<scripts t="map">
+    <init-scripts t="list">
     </init-scripts>
   </scripts>
 </profile>

AutomatedLabUnattended/internal/functions/Suse/Add-UnattendedYastNetworkAdapter.ps1

@@ -137,6 +137,9 @@
         foreach ($gateway in $Gateways)
         {
             $routeNode = $script:un.CreateElement('route', $script:nsm.LookupNamespace('un'))
+            $mapAttr = $script:un.CreateAttribute('t')
+            $mapAttr.InnerText = 'map'
+            $null = $routeNode.Attributes.Append($mapAttr)
             $destinationNode = $script:un.CreateElement('destination', $script:nsm.LookupNamespace('un'))
             $deviceNode = $script:un.CreateElement('device', $script:nsm.LookupNamespace('un'))
             $gatewayNode = $script:un.CreateElement('gateway', $script:nsm.LookupNamespace('un'))

AutomatedLabUnattended/internal/functions/Suse/Add-UnattendedYastSynchronousCommand.ps1

@@ -1,5 +1,4 @@
-function Add-UnattendedYastSynchronousCommand
-{
+function Add-UnattendedYastSynchronousCommand {
     param (
         [Parameter(Mandatory)]
         [string]$Command,
@@ -8,4 +7,25 @@
         [string]$Description
     )
 
+    # Init Scripts - run after the system is up and running
+    $scriptsNode = $script:un.SelectSingleNode('/un:profile/un:scripts/un:init-scripts', $script:nsm)
+
+    # Add new script with GUID as filename (mandatory if more than one script)
+    $scriptNode = $script:un.CreateElement('script', $script:nsm.LookupNamespace('un'))
+    $mapAttr = $script:un.CreateAttribute('t')
+    $mapAttr.InnerText = 'map'
+    $null = $scriptNode.Attributes.Append($mapAttr)
+    
+    $fileNameNode = $script:un.CreateElement('filename', $script:nsm.LookupNamespace('un'))
+    $fileNameNode.InnerText = [guid]::NewGuid().ToString()
+    $null = $scriptNode.AppendChild($fileNameNode)
+
+    # Add "source" node with CDATA content of $Command
+    $sourceNode = $script:un.CreateElement('source', $script:nsm.LookupNamespace('un'))
+    $cdata = $script:un.CreateCDataSection($Command)
+    $null = $sourceNode.AppendChild($cdata)
+    $null = $scriptNode.AppendChild($sourceNode)
+
+    # Append the script node to the scripts node
+    $null = $scriptsNode.AppendChild($scriptNode)
 }

AutomatedLabUnattended/internal/functions/Suse/Import-UnattendedYastContent.ps1

@@ -1,5 +1,4 @@
-function Import-UnattendedYastContent
-{
+function Import-UnattendedYastContent {
     param
     (
         [Parameter(Mandatory = $true)]
@@ -9,10 +8,10 @@ function Import-UnattendedYastContent
 
     $script:un = $Content
     $script:ns = @{
-        un          = "http://www.suse.com/1.0/yast2ns"
-        'un:config' = "http://www.suse.com/1.0/configns"
+        xmlns  = "http://www.suse.com/1.0/yast2ns"
+        config = "http://www.suse.com/1.0/configns"
     }
-    $script:nsm =   [System.Xml.XmlNamespaceManager]::new($script:un.NameTable)
-    $script:nsm.AddNamespace('un',"http://www.suse.com/1.0/yast2ns")
-    $script:nsm.AddNamespace('un:config',"http://www.suse.com/1.0/configns" )
+    $script:nsm = [System.Xml.XmlNamespaceManager]::new($script:un.NameTable)
+    $script:nsm.AddNamespace('un', "http://www.suse.com/1.0/yast2ns")
+    $script:nsm.AddNamespace('config', "http://www.suse.com/1.0/configns" )
 }

AutomatedLabUnattended/internal/functions/Suse/Set-UnattendedYastAdministratorName.ps1

@@ -11,9 +11,9 @@
     $username = $script:un.CreateElement('username', $script:nsm.LookupNamespace('un'))
     $pw = $script:un.CreateElement('user_password', $script:nsm.LookupNamespace('un'))
     $encrypted = $script:un.CreateElement('encrypted', $script:nsm.LookupNamespace('un'))
-    $listAttr = $script:un.CreateAttribute('config','type', $script:nsm.LookupNamespace('config'))
-    $listAttr.InnerText = 'boolean'
-    $null = $encrypted.Attributes.Append($listAttr)
+    $boolAttr = $script:un.CreateAttribute('t')
+    $boolAttr.InnerText = 'boolean'
+    $null = $encrypted.Attributes.Append($boolAttr)
 
     $encrypted.InnerText = 'false'
     $pw.InnerText = 'none'