infra/kickstart/pipeline/head This commit looks goodDetails
* Install `system-upgrade` plugin for `dnf`, since we'll almost always
want this in order to be able to update hosts
* Do not install _sshca-cli-systemd_; this package has been deprecated
and removed in favor of setting up the systemd units from Ansible
* Install _python3-libdnf5_, as this is required by Ansible and will be
installed by it later, so we can save a bit of time by always having
it installed.
infra/kickstart/pipeline/head This commit looks goodDetails
Anaconda seems to want to install this by default now. This is a
useless package with a bunch of security vulnerabilities and a hard
dependency on Polkit.
When the SSH daemon is already configured to use an SSH host
certificate but the specified certificate file does not exist, then the
server will not try to use it later once it is created. This
essentially means that the certificate obtained during first boot will
not be used untile the SSH daemon is restarted.
Rather than try to set all of this up in the kickstart, it's probably
better to just let Ansible do it. Then, the SSH daemon can be restarted
as needed automatically (by the host provisioner).
Apparently something is populating `/etc/machine-id` at install time
now, which prevents units scheduled to run on first boot (with
`ConditionFirstBoot=true`) from starting.
Dustin