Project

General

Profile

Download (49.5 KB)

action #93817 ยป containers_x3690s_autoyast.xml

autoyast.xml for s390 by yast clone_system - ybonatakis, 2021-06-18 18:42

 
<?xml version="1.0"?>
<!DOCTYPE profile>
<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
<add-on>
<add_on_products config:type="list">
<listentry>
<media_url><![CDATA[https://updates.suse.com/SUSE/Products/SLE-Module-Desktop-Applications/15-SP1/s390x/product?WaKaU4v5azj4vUscFcSfSlGZwM3mBK-IPwFtBBeiQhoBCDepdbD4_s9T-TLCkRWxPVfftslVB89sh6OWyEDJqXqmJaNrbhqdJbaDODv_UhCGb4zlcmXe86pE0530Ru137Afw3xd7_Ozp0NAcUk1Qwr79hosw6__NojZKSe0H0v-L]]></media_url>
<product>sle-module-desktop-applications</product>
<product_dir/>
</listentry>
<listentry>
<media_url><![CDATA[https://updates.suse.com/SUSE/Products/SLE-Module-Server-Applications/15-SP1/s390x/product?ECZH2kIsyLn3gMu2bKBYatqEbgG5wwFLievb0lvVDs--P3oJPh6A-4s_o4iQuN9Jp9a1CyAsiVU36og7Mz_0KzkKAOInJbtGpnU90l5O_iiGBHvljqzPoZaYU1CKdEefjxkOmpZodr0Rrrba3E3FxGs5euufGqw5Wc71Y01jCzo]]></media_url>
<product>sle-module-server-applications</product>
<product_dir/>
</listentry>
<listentry>
<media_url><![CDATA[https://updates.suse.com/SUSE/Products/SLE-Module-Basesystem/15-SP1/s390x/product?UG4gh9ztGTN2IGEGCQfMCC42nyYkMrKjATBJRbw3Bh0tv2NKZ1hk0n2jvNx83sZf5qJoo2VoYD29inhbBpUhwQP4m4AdSH6-EWReRZ3h2H0X6XXJpLVY7Ak6bBJ2MRE_1YUnEsNKYIU1yKLtOvxe3hEXznTiG28]]></media_url>
<product>sle-module-basesystem</product>
<product_dir/>
</listentry>
</add_on_products>
</add-on>
<bootloader>
<global>
<append>TERM=linux console=ttyS0 console=ttyS1 resume=/dev/disk/by-path/ccw-0.0.0000-part3 crashkernel=163M mitigations=auto</append>
<cpu_mitigations>auto</cpu_mitigations>
<gfxmode>auto</gfxmode>
<hiddenmenu>false</hiddenmenu>
<os_prober>false</os_prober>
<serial>serial --unit=1 --speed=9600 --parity=no</serial>
<terminal>console serial</terminal>
<timeout config:type="integer">-1</timeout>
<trusted_grub>false</trusted_grub>
<xen_kernel_append>crashkernel=163M\&lt;4G</xen_kernel_append>
</global>
<loader_type>grub2</loader_type>
</bootloader>
<dasd>
<devices config:type="list"/>
<format_unformatted config:type="boolean">false</format_unformatted>
</dasd>
<deploy_image>
<image_installation config:type="boolean">false</image_installation>
</deploy_image>
<firewall>
<default_zone>public</default_zone>
<enable_firewall config:type="boolean">true</enable_firewall>
<log_denied_packets>off</log_denied_packets>
<start_firewall config:type="boolean">true</start_firewall>
<zones config:type="list">
<zone>
<description>Unsolicited incoming network packets are rejected. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description>
<interfaces config:type="list"/>
<masquerade config:type="boolean">false</masquerade>
<name>block</name>
<ports config:type="list"/>
<protocols config:type="list"/>
<services config:type="list"/>
<short>Block</short>
<target>%%REJECT%%</target>
</zone>
<zone>
<description>For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted.</description>
<interfaces config:type="list"/>
<masquerade config:type="boolean">false</masquerade>
<name>dmz</name>
<ports config:type="list"/>
<protocols config:type="list"/>
<services config:type="list">
<service>ssh</service>
</services>
<short>DMZ</short>
<target>default</target>
</zone>
<zone>
<description>Unsolicited incoming network packets are dropped. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description>
<interfaces config:type="list"/>
<masquerade config:type="boolean">false</masquerade>
<name>drop</name>
<ports config:type="list"/>
<protocols config:type="list"/>
<services config:type="list"/>
<short>Drop</short>
<target>DROP</target>
</zone>
<zone>
<description>For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<interfaces config:type="list"/>
<masquerade config:type="boolean">true</masquerade>
<name>external</name>
<ports config:type="list"/>
<protocols config:type="list"/>
<services config:type="list">
<service>ssh</service>
</services>
<short>External</short>
<target>default</target>
</zone>
<zone>
<description>For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<interfaces config:type="list"/>
<masquerade config:type="boolean">false</masquerade>
<name>home</name>
<ports config:type="list"/>
<protocols config:type="list"/>
<services config:type="list">
<service>ssh</service>
<service>mdns</service>
<service>samba-client</service>
<service>dhcpv6-client</service>
</services>
<short>Home</short>
<target>default</target>
</zone>
<zone>
<description>For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.</description>
<interfaces config:type="list"/>
<masquerade config:type="boolean">false</masquerade>
<name>internal</name>
<ports config:type="list"/>
<protocols config:type="list"/>
<services config:type="list">
<service>ssh</service>
<service>mdns</service>
<service>samba-client</service>
<service>dhcpv6-client</service>
</services>
<short>Internal</short>
<target>default</target>
</zone>
<zone>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<interfaces config:type="list"/>
<masquerade config:type="boolean">false</masquerade>
<name>public</name>
<ports config:type="list"/>
<protocols config:type="list"/>
<services config:type="list">
<service>ssh</service>
<service>dhcpv6-client</service>
</services>
<short>Public</short>
<target>default</target>
</zone>
<zone>
<description>All network connections are accepted.</description>
<interfaces config:type="list"/>
<masquerade config:type="boolean">false</masquerade>
<name>trusted</name>
<ports config:type="list"/>
<protocols config:type="list"/>
<services config:type="list"/>
<short>Trusted</short>
<target>ACCEPT</target>
</zone>
<zone>
<description>For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<interfaces config:type="list"/>
<masquerade config:type="boolean">false</masquerade>
<name>work</name>
<ports config:type="list"/>
<protocols config:type="list"/>
<services config:type="list">
<service>ssh</service>
<service>dhcpv6-client</service>
</services>
<short>Work</short>
<target>default</target>
</zone>
</zones>
</firewall>
<general>
<ask-list config:type="list"/>
<cio_ignore config:type="boolean">false</cio_ignore>
<mode>
<confirm config:type="boolean">false</confirm>
</mode>
<proposals config:type="list"/>
<signature-handling>
<accept_file_without_checksum config:type="boolean">true</accept_file_without_checksum>
<accept_non_trusted_gpg_key config:type="boolean">true</accept_non_trusted_gpg_key>
<accept_unknown_gpg_key config:type="boolean">true</accept_unknown_gpg_key>
<accept_unsigned_file config:type="boolean">true</accept_unsigned_file>
<accept_verification_failed config:type="boolean">false</accept_verification_failed>
<import_gpg_key config:type="boolean">true</import_gpg_key>
</signature-handling>
<storage>
<start_multipath config:type="boolean">false</start_multipath>
</storage>
</general>
<groups config:type="list">
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>100</gid>
<group_password>x</group_password>
<groupname>users</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>65533</gid>
<group_password>x</group_password>
<groupname>nogroup</groupname>
<userlist>nobody</userlist>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>497</gid>
<group_password>x</group_password>
<groupname>wheel</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>492</gid>
<group_password>x</group_password>
<groupname>cdrom</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>59</gid>
<group_password>x</group_password>
<groupname>maildrop</groupname>
<userlist>postfix</userlist>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>481</gid>
<group_password>x</group_password>
<groupname>systemd-timesync</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>475</gid>
<group_password>x</group_password>
<groupname>zkeyadm</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>484</gid>
<group_password>x</group_password>
<groupname>systemd-journal</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>490</gid>
<group_password>x</group_password>
<groupname>disk</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>494</gid>
<group_password>x</group_password>
<groupname>utmp</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>0</gid>
<group_password>x</group_password>
<groupname>root</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>42</gid>
<group_password>x</group_password>
<groupname>trusted</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>495</gid>
<group_password>x</group_password>
<groupname>lock</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>15</gid>
<group_password>x</group_password>
<groupname>shadow</groupname>
<userlist>vnc</userlist>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>480</gid>
<group_password>x</group_password>
<groupname>nscd</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>491</gid>
<group_password>x</group_password>
<groupname>dialout</groupname>
<userlist>bernhard</userlist>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>482</gid>
<group_password>x</group_password>
<groupname>systemd-coredump</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>493</gid>
<group_password>x</group_password>
<groupname>audio</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>476</gid>
<group_password>x</group_password>
<groupname>ts-shell</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>474</gid>
<group_password>x</group_password>
<groupname>cpacfstats</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>479</gid>
<group_password>x</group_password>
<groupname>polkitd</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>488</gid>
<group_password>x</group_password>
<groupname>kvm</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>1</gid>
<group_password>x</group_password>
<groupname>bin</groupname>
<userlist>daemon</userlist>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>498</gid>
<group_password>!</group_password>
<groupname>mail</groupname>
<userlist>postfix</userlist>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>477</gid>
<group_password>x</group_password>
<groupname>chrony</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>51</gid>
<group_password>x</group_password>
<groupname>postfix</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>478</gid>
<group_password>x</group_password>
<groupname>sshd</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>499</gid>
<group_password>x</group_password>
<groupname>messagebus</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>65534</gid>
<group_password>x</group_password>
<groupname>nobody</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>485</gid>
<group_password>x</group_password>
<groupname>video</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>486</gid>
<group_password>x</group_password>
<groupname>tape</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>473</gid>
<group_password>x</group_password>
<groupname>vnc</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>487</gid>
<group_password>x</group_password>
<groupname>lp</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>496</gid>
<group_password>x</group_password>
<groupname>kmem</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>62</gid>
<group_password>x</group_password>
<groupname>man</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>71</gid>
<group_password>x</group_password>
<groupname>ntadmin</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>2</gid>
<group_password>x</group_password>
<groupname>daemon</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>5</gid>
<group_password>x</group_password>
<groupname>tty</groupname>
<userlist>bernhard</userlist>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>483</gid>
<group_password>x</group_password>
<groupname>systemd-network</groupname>
<userlist/>
</group>
<group>
<encrypted config:type="boolean">true</encrypted>
<gid>489</gid>
<group_password>x</group_password>
<groupname>input</groupname>
<userlist/>
</group>
</groups>
<host>
<hosts config:type="list">
<hosts_entry>
<host_address>127.0.0.1</host_address>
<names config:type="list">
<name>localhost</name>
</names>
</hosts_entry>
<hosts_entry>
<host_address>::1</host_address>
<names config:type="list">
<name>localhost ipv6-localhost ipv6-loopback</name>
</names>
</hosts_entry>
<hosts_entry>
<host_address>fe00::0</host_address>
<names config:type="list">
<name>ipv6-localnet</name>
</names>
</hosts_entry>
<hosts_entry>
<host_address>ff00::0</host_address>
<names config:type="list">
<name>ipv6-mcastprefix</name>
</names>
</hosts_entry>
<hosts_entry>
<host_address>ff02::1</host_address>
<names config:type="list">
<name>ipv6-allnodes</name>
</names>
</hosts_entry>
<hosts_entry>
<host_address>ff02::2</host_address>
<names config:type="list">
<name>ipv6-allrouters</name>
</names>
</hosts_entry>
<hosts_entry>
<host_address>ff02::3</host_address>
<names config:type="list">
<name>ipv6-allhosts</name>
</names>
</hosts_entry>
</hosts>
</host>
<kdump>
<add_crash_kernel config:type="boolean">true</add_crash_kernel>
<crash_kernel>163M</crash_kernel>
<crash_xen_kernel>163M\&lt;4G</crash_xen_kernel>
<general>
<KDUMPTOOL_FLAGS/>
<KDUMP_COMMANDLINE/>
<KDUMP_COMMANDLINE_APPEND/>
<KDUMP_CONTINUE_ON_ERROR>true</KDUMP_CONTINUE_ON_ERROR>
<KDUMP_COPY_KERNEL>yes</KDUMP_COPY_KERNEL>
<KDUMP_CPUS/>
<KDUMP_DUMPFORMAT>lzo</KDUMP_DUMPFORMAT>
<KDUMP_DUMPLEVEL>31</KDUMP_DUMPLEVEL>
<KDUMP_FREE_DISK_SIZE>64</KDUMP_FREE_DISK_SIZE>
<KDUMP_HOST_KEY/>
<KDUMP_IMMEDIATE_REBOOT>yes</KDUMP_IMMEDIATE_REBOOT>
<KDUMP_KEEP_OLD_DUMPS>5</KDUMP_KEEP_OLD_DUMPS>
<KDUMP_KERNELVER/>
<KDUMP_NETCONFIG>auto</KDUMP_NETCONFIG>
<KDUMP_NET_TIMEOUT>30</KDUMP_NET_TIMEOUT>
<KDUMP_NOTIFICATION_CC/>
<KDUMP_NOTIFICATION_TO/>
<KDUMP_POSTSCRIPT/>
<KDUMP_PRESCRIPT/>
<KDUMP_REQUIRED_PROGRAMS/>
<KDUMP_SAVEDIR>/var/crash</KDUMP_SAVEDIR>
<KDUMP_SMTP_PASSWORD/>
<KDUMP_SMTP_SERVER/>
<KDUMP_SMTP_USER/>
<KDUMP_TRANSFER/>
<KDUMP_VERBOSE>3</KDUMP_VERBOSE>
<KEXEC_OPTIONS/>
</general>
</kdump>
<language>
<language>en_US</language>
<languages/>
</language>
<login_settings/>
<networking>
<dhcp_options>
<dhclient_client_id/>
<dhclient_hostname_option>AUTO</dhclient_hostname_option>
</dhcp_options>
<dns>
<dhcp_hostname config:type="boolean">false</dhcp_hostname>
<hostname>susetest</hostname>
<resolv_conf_policy>auto</resolv_conf_policy>
<write_hostname config:type="boolean">false</write_hostname>
</dns>
<interfaces config:type="list">
<interface>
<bootproto>dhcp</bootproto>
<device>eth0</device>
<startmode>auto</startmode>
</interface>
<interface>
<bootproto>static</bootproto>
<device>lo</device>
<firewall>no</firewall>
<ipaddr>127.0.0.1</ipaddr>
<netmask>255.0.0.0</netmask>
<network>127.0.0.0</network>
<prefixlen>8</prefixlen>
<startmode>nfsroot</startmode>
<usercontrol>no</usercontrol>
</interface>
</interfaces>
<ipv6 config:type="boolean">true</ipv6>
<keep_install_network config:type="boolean">true</keep_install_network>
<managed config:type="boolean">false</managed>
<routing>
<ipv4_forward config:type="boolean">false</ipv4_forward>
<ipv6_forward config:type="boolean">false</ipv6_forward>
</routing>
<s390-devices config:type="list">
<listentry>
<chanids> </chanids>
<type/>
</listentry>
</s390-devices>
</networking>
<nis>
<netconfig_policy>auto</netconfig_policy>
<nis_broadcast config:type="boolean">false</nis_broadcast>
<nis_broken_server config:type="boolean">false</nis_broken_server>
<nis_domain>suse.de</nis_domain>
<nis_local_only config:type="boolean">false</nis_local_only>
</nis>
<ntp-client>
<ntp_policy><![CDATA[auto]]></ntp_policy>
<ntp_servers config:type="list"/>
<ntp_sync>manual</ntp_sync>
</ntp-client>
<partitioning config:type="list">
<drive>
<device>/dev/disk/by-path/ccw-0.0.0000</device>
<disklabel>gpt</disklabel>
<enable_snapshots config:type="boolean">true</enable_snapshots>
<initialize config:type="boolean">false</initialize>
<partitions config:type="list">
<partition>
<create config:type="boolean">true</create>
<filesystem config:type="symbol">ext2</filesystem>
<format config:type="boolean">true</format>
<fstopt>acl,user_xattr</fstopt>
<mount>/boot/zipl</mount>
<mountby config:type="symbol">path</mountby>
<partition_id config:type="integer">131</partition_id>
<partition_nr config:type="integer">1</partition_nr>
<resize config:type="boolean">false</resize>
<size>314572800</size>
</partition>
<partition>
<create config:type="boolean">true</create>
<create_subvolumes config:type="boolean">true</create_subvolumes>
<filesystem config:type="symbol">btrfs</filesystem>
<format config:type="boolean">true</format>
<mount>/</mount>
<mountby config:type="symbol">path</mountby>
<partition_id config:type="integer">131</partition_id>
<partition_nr config:type="integer">2</partition_nr>
<resize config:type="boolean">false</resize>
<size>40485519360</size>
<subvolumes config:type="list">
<subvolume>
<copy_on_write config:type="boolean">true</copy_on_write>
<path>srv</path>
</subvolume>
<subvolume>
<copy_on_write config:type="boolean">true</copy_on_write>
<path>usr/local</path>
</subvolume>
<subvolume>
<copy_on_write config:type="boolean">false</copy_on_write>
<path>var</path>
</subvolume>
<subvolume>
<copy_on_write config:type="boolean">true</copy_on_write>
<path>opt</path>
</subvolume>
<subvolume>
<copy_on_write config:type="boolean">true</copy_on_write>
<path>tmp</path>
</subvolume>
<subvolume>
<copy_on_write config:type="boolean">true</copy_on_write>
<path>home</path>
</subvolume>
<subvolume>
<copy_on_write config:type="boolean">true</copy_on_write>
<path>boot/grub2/s390x-emu</path>
</subvolume>
<subvolume>
<copy_on_write config:type="boolean">true</copy_on_write>
<path>root</path>
</subvolume>
</subvolumes>
<subvolumes_prefix><![CDATA[@]]></subvolumes_prefix>
</partition>
<partition>
<create config:type="boolean">true</create>
<filesystem config:type="symbol">swap</filesystem>
<format config:type="boolean">true</format>
<mount>swap</mount>
<mountby config:type="symbol">path</mountby>
<partition_id config:type="integer">130</partition_id>
<partition_nr config:type="integer">3</partition_nr>
<resize config:type="boolean">false</resize>
<size>2148515328</size>
</partition>
</partitions>
<type config:type="symbol">CT_DISK</type>
<use>all</use>
</drive>
</partitioning>
<printer>
<client_conf_content>
<file_contents><![CDATA[# CUPS client configuration file (optional).

# You may use /etc/cups/client.conf (system wide)
# or ~/.cups/client.conf (per user).
# For more information see "man 5 client.conf".

# The ServerName directive specifies the remote server
# that is to be used for all client operations. That is, it
# redirects all client requests directly to that remote server
# so that a local running cupsd is not used in this case.
# The default is to use the local server ("localhost") or domain socket.
# Only one ServerName directive may appear.
# If multiple names are present, only the last one is used.
# The default port number is 631 but can be overridden by adding
# a colon followed by the desired port number.
# The default IPP version is 2.0 but can be overridden by adding
# a slash followed by version=V where V is 1.0 or 1.1 or 2.0 or 2.1 or 2.2.
# IPP version 2.0 does do not work with CUPS 1.3 or older servers.
# If an CUPS 1.3 or older server is used, its older IPP version
# must be specified as .../version=1.1 or .../version=1.0.

# Examples:
# ServerName sever.example.com
# ServerName 192.0.2.10
# ServerName sever.example.com:8631
# ServerName older.server.example.com/version=1.1
# ServerName older.server.example.com:8631/version=1.1

]]></file_contents>
</client_conf_content>
<cupsd_conf_content>
<file_contents><![CDATA[#
# Configuration file for the CUPS scheduler. See "man cupsd.conf" for a
# complete description of this file.
#

# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn
PageLogFormat

# Only listen for connections from the local machine.
Listen localhost:631
Listen /run/cups/cups.sock

# Show shared printers on the local network.
Browsing On
BrowseLocalProtocols dnssd

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Web interface setting...
WebInterface Yes

# Restrict access to the server...
<Location />
Order allow,deny
</Location>

# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>

# Restrict access to log files...
<Location /admin/log>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>

# Set the default printer/job policies...
<Policy default>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default

# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>

<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

<Limit All>
Order deny,allow
</Limit>
</Policy>

# Set the authenticated printer/job policies...
<Policy authenticated>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default

# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>

<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

<Limit All>
Order deny,allow
</Limit>
</Policy>

# Set the kerberized printer/job policies...
<Policy kerberos>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default

# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Negotiate
Order deny,allow
</Limit>

<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

<Limit All>
Order deny,allow
</Limit>
</Policy>

# The policy below is added by SUSE during build of our cups package.
# The policy 'allowallforanybody' is totally open and insecure and therefore
# it can only be used within an internal network where only trused users exist
# and where the cupsd is not accessible at all from any external host, see
# http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
# Have in mind that any user who is allowed to do printer admin tasks
# can change the print queues as he likes - e.g. send copies of confidental
# print jobs from an internal network to any external destination, see
# http://en.opensuse.org/SDB:CUPS_in_a_Nutshell
# For documentation regarding 'Managing Operation Policies' see
# http://www.cups.org/documentation.php/doc-1.7/policies.html
<Policy allowallforanybody>
# Allow anybody to access job's private values:
JobPrivateAccess all
# Make none of the job values to be private:
JobPrivateValues none
# Allow anybody to access subscription's private values:
SubscriptionPrivateAccess all
# Make none of the subscription values to be private:
SubscriptionPrivateValues none
# Allow anybody to do all IPP operations:
# Currently the IPP operations Validate-Job Cancel-Jobs Cancel-My-Jobs Close-Job CUPS-Get-Document
# must be additionally exlicitly specified because those IPP operations are not included
# in the "All" wildcard value - otherwise cupsd prints error messages of the form
# "No limit for Validate-Job defined in policy allowallforanybody and no suitable template found."
<Limit Validate-Job Cancel-Jobs Cancel-My-Jobs Close-Job CUPS-Get-Document>
Order deny,allow
Allow from all
</Limit>
# Since CUPS > 1.5.4 the "All" wildcard value must be specified separately,
# otherwise clients like "lpstat -p" just hang up,
# see https://bugzilla.opensuse.org/show_bug.cgi?id=936309
# and https://www.cups.org/str.php?L4659
<Limit All>
Order deny,allow
Allow from all
</Limit>
</Policy>
# Explicitly set the CUPS 'default' policy to be used by default:
DefaultPolicy default

]]></file_contents>
</cupsd_conf_content>
</printer>
<proxy>
<enabled config:type="boolean">false</enabled>
<ftp_proxy/>
<http_proxy/>
<https_proxy/>
<no_proxy>localhost,127.0.0.1</no_proxy>
<proxy_password/>
<proxy_user/>
</proxy>
<report>
<errors>
<log config:type="boolean">true</log>
<show config:type="boolean">true</show>
<timeout config:type="integer">0</timeout>
</errors>
<messages>
<log config:type="boolean">true</log>
<show config:type="boolean">true</show>
<timeout config:type="integer">0</timeout>
</messages>
<warnings>
<log config:type="boolean">true</log>
<show config:type="boolean">true</show>
<timeout config:type="integer">0</timeout>
</warnings>
<yesno_messages>
<log config:type="boolean">true</log>
<show config:type="boolean">true</show>
<timeout config:type="integer">0</timeout>
</yesno_messages>
</report>
<services-manager>
<default_target>multi-user</default_target>
<services>
<disable config:type="list"/>
<enable config:type="list">
<service>YaST2-Firstboot</service>
<service>YaST2-Second-Stage</service>
<service>apparmor</service>
<service>auditd</service>
<service>klog</service>
<service>btrfsmaintenance-refresh</service>
<service>cio_ignore</service>
<service>cpi</service>
<service>cron</service>
<service>firewalld</service>
<service>wickedd-auto4</service>
<service>wickedd-dhcp4</service>
<service>wickedd-dhcp6</service>
<service>wickedd-nanny</service>
<service>display-manager</service>
<service>getty@tty1</service>
<service>haveged</service>
<service>iscsi</service>
<service>issue-generator</service>
<service>kbdsettings</service>
<service>kdump</service>
<service>kdump-early</service>
<service>lvm2-monitor</service>
<service>wicked</service>
<service>nscd</service>
<service>postfix</service>
<service>purge-kernels</service>
<service>rollback</service>
<service>rsyslog</service>
<service>serial-getty@hvc0</service>
<service>serial-getty@ttysclp0</service>
<service>smartd</service>
<service>sshd</service>
</enable>
<on_demand config:type="list">
<listentry>iscsid</listentry>
</on_demand>
</services>
</services-manager>
<software>
<image/>
<install_recommended config:type="boolean">true</install_recommended>
<instsource/>
<packages config:type="list">
<package>wicked</package>
<package>snapper</package>
<package>sles-release</package>
<package>sle-module-server-applications-release</package>
<package>sle-module-desktop-applications-release</package>
<package>sle-module-basesystem-release</package>
<package>openssh</package>
<package>kexec-tools</package>
<package>kdump</package>
<package>iproute2</package>
<package>grub2</package>
<package>glibc</package>
<package>firewalld</package>
<package>e2fsprogs</package>
<package>btrfsprogs</package>
<package>autoyast2</package>
</packages>
<patterns config:type="list">
<pattern>apparmor</pattern>
<pattern>base</pattern>
<pattern>enhanced_base</pattern>
<pattern>minimal_base</pattern>
<pattern>x11</pattern>
<pattern>x11_yast</pattern>
<pattern>yast2_basis</pattern>
</patterns>
<products config:type="list">
<product>SLES</product>
</products>
</software>
<ssh_import>
<copy_config config:type="boolean">false</copy_config>
<import config:type="boolean">false</import>
</ssh_import>
<tftp-server>
<start_tftpd config:type="boolean">false</start_tftpd>
</tftp-server>
<timezone>
<hwclock>UTC</hwclock>
<timezone>America/New_York</timezone>
</timezone>
<user_defaults>
<expire/>
<group>100</group>
<groups/>
<home>/home</home>
<inactive>-1</inactive>
<no_groups config:type="boolean">true</no_groups>
<shell>/bin/bash</shell>
<skel>/etc/skel</skel>
<umask>022</umask>
</user_defaults>
<users config:type="list">
<user>
<authorized_keys config:type="list">
<authorized_key>ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2bEmZReiWi65Jyjrji4iT9bsM6IEK/Rznq7Ta0a/4IajL1AjAwjO3pyyy9FnmLNJvtly/PKuAol8/HszdNnRcGlwoelOwBc3mu9v+7C4BPSkYEr8Cxa8a+eq7qOGVCBnO57RvP4gzjDLT7u+FPQuCf+lNW1JaOROTG1oLT6QlvHvufvIP9cpZM+y+ThYA0JpM5dMez355i0Ao/gd0jx65G/mmQIG7Kzk1EbqCdIOf5b+BcL49dqAhaey8miD5Odu0K9FtmfDs8yFo17iFhIZb5ntZtRy44Jzh3fTfZA3tS5AkWCSTFzHAxmSS38HFDr2OfJ2uwNaayqgNrWSWwZUr root@susetest</authorized_key>
</authorized_keys>
<encrypted config:type="boolean">true</encrypted>
<fullname>bernhard</fullname>
<gid>100</gid>
<home>/home/bernhard</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max>99999</max>
<min>0</min>
<warn>7</warn>
</password_settings>
<shell>/bin/bash</shell>
<uid>1000</uid>
<user_password>$6$7qvRyGO6wKMj$IjgA5Zw8124UgkyU0OFt0.AY7o0hrPru0aLLnuZg4OEMTmyI/7PI0IkOP2nYqnaSSMCPT6xz55qOj89a4zioV/</user_password>
<username>bernhard</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>User for nscd</fullname>
<gid>480</gid>
<home>/run/nscd</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/sbin/nologin</shell>
<uid>479</uid>
<user_password>!</user_password>
<username>nscd</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>Daemon</fullname>
<gid>2</gid>
<home>/sbin</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/sbin/nologin</shell>
<uid>2</uid>
<user_password>!</user_password>
<username>daemon</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>Manual pages viewer</fullname>
<gid>62</gid>
<home>/var/lib/empty</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/sbin/nologin</shell>
<uid>13</uid>
<user_password>!</user_password>
<username>man</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>NFS statd daemon</fullname>
<gid>65533</gid>
<home>/var/lib/nfs</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/sbin/nologin</shell>
<uid>478</uid>
<user_password>!</user_password>
<username>statd</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>systemd Network Management</fullname>
<gid>483</gid>
<home>/</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/sbin/nologin</shell>
<uid>483</uid>
<user_password>!!</user_password>
<username>systemd-network</username>
</user>
<user>
<authorized_keys config:type="list">
<authorized_key>ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2bEmZReiWi65Jyjrji4iT9bsM6IEK/Rznq7Ta0a/4IajL1AjAwjO3pyyy9FnmLNJvtly/PKuAol8/HszdNnRcGlwoelOwBc3mu9v+7C4BPSkYEr8Cxa8a+eq7qOGVCBnO57RvP4gzjDLT7u+FPQuCf+lNW1JaOROTG1oLT6QlvHvufvIP9cpZM+y+ThYA0JpM5dMez355i0Ao/gd0jx65G/mmQIG7Kzk1EbqCdIOf5b+BcL49dqAhaey8miD5Odu0K9FtmfDs8yFo17iFhIZb5ntZtRy44Jzh3fTfZA3tS5AkWCSTFzHAxmSS38HFDr2OfJ2uwNaayqgNrWSWwZUr root@susetest</authorized_key>
</authorized_keys>
<encrypted config:type="boolean">true</encrypted>
<fullname>root</fullname>
<gid>0</gid>
<home>/root</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/bin/bash</shell>
<uid>0</uid>
<user_password>$6$kRhJTgCO1mS5$fcOy234elJsNSUNVTenACM2IZvkhJt.pH/OCYX35vSTfii7So6Dy7/FDtYpitq.g9OvZ9MaYCDu9K9edFDEYh1</user_password>
<username>root</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>user for VNC</fullname>
<gid>473</gid>
<home>/var/lib/empty</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/sbin/nologin</shell>
<uid>473</uid>
<user_password>!</user_password>
<username>vnc</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>Printing daemon</fullname>
<gid>487</gid>
<home>/var/spool/lpd</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/sbin/nologin</shell>
<uid>475</uid>
<user_password>!</user_password>
<username>lp</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>Mailer daemon</fullname>
<gid>498</gid>
<home>/var/spool/clientmqueue</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/sbin/nologin</shell>
<uid>498</uid>
<user_password>!</user_password>
<username>mail</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>bin</fullname>
<gid>1</gid>
<home>/bin</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/sbin/nologin</shell>
<uid>1</uid>
<user_password>!</user_password>
<username>bin</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>user for rpcbind</fullname>
<gid>65534</gid>
<home>/var/lib/empty</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/sbin/nologin</shell>
<uid>480</uid>
<user_password>!</user_password>
<username>rpc</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>nobody</fullname>
<gid>65534</gid>
<home>/var/lib/nobody</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/bin/bash</shell>
<uid>65534</uid>
<user_password>!</user_password>
<username>nobody</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>User for D-Bus</fullname>
<gid>499</gid>
<home>/run/dbus</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/usr/bin/false</shell>
<uid>499</uid>
<user_password>!</user_password>
<username>messagebus</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>Chrony Daemon</fullname>
<gid>477</gid>
<home>/var/lib/chrony</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/bin/false</shell>
<uid>474</uid>
<user_password>!</user_password>
<username>chrony</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>Postfix Daemon</fullname>
<gid>51</gid>
<home>/var/spool/postfix</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/bin/false</shell>
<uid>51</uid>
<user_password>!</user_password>
<username>postfix</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>SSH daemon</fullname>
<gid>478</gid>
<home>/var/lib/sshd</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/bin/false</shell>
<uid>476</uid>
<user_password>!</user_password>
<username>sshd</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>User for polkitd</fullname>
<gid>479</gid>
<home>/var/lib/polkit</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/sbin/nologin</shell>
<uid>477</uid>
<user_password>!</user_password>
<username>polkitd</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>systemd Core Dumper</fullname>
<gid>482</gid>
<home>/</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/sbin/nologin</shell>
<uid>482</uid>
<user_password>!!</user_password>
<username>systemd-coredump</username>
</user>
<user>
<encrypted config:type="boolean">true</encrypted>
<fullname>systemd Time Synchronization</fullname>
<gid>481</gid>
<home>/</home>
<home_btrfs_subvolume config:type="boolean">false</home_btrfs_subvolume>
<password_settings>
<expire/>
<flag/>
<inact/>
<max/>
<min/>
<warn/>
</password_settings>
<shell>/sbin/nologin</shell>
<uid>481</uid>
<user_password>!!</user_password>
<username>systemd-timesync</username>
</user>
</users>
<zfcp>
<devices config:type="list"/>
</zfcp>
</profile>
    (1-1/1)