I think self-install image with enabled firstboot configuration (gnome-initial-setup) is a nice way to offer pre-loaded images for hardware vendors, or general, for any companies/corporations.
The Proof Of Concept that was worked on during hack week is available at https://hackweek.opensuse.org/21/projects/opensuse-build-supported-by-suse-it and https://build.opensuse.org/repositories/isv:SUSE:suse-it-infra This request is to make a self-install image available for Leap as well.
Problems
Add self-install image with gnome (POC used GNOME Live as a base)
GDM has disabled gnome-initial-setup for SLES / Leap (requires fork)
gnome-initial-setup is ancient (requires a fork)
Combustion is missing (do we want that, useful for e.g. initial root-password, if a company wants to disallow sudo for user).
I would recommend using full disk encryption (well without /boot) and changing luks password on the first boot. This was not working in POC (we've used combustion for this with https://github.com/SUSE/suse-csb-release/blob/cf9cd617ae3b0ca050f75ad5196101f7ca718796/combustion/script)
This should be considered for SLES as well but I'd personally prefer if SUSE IT would report these request in Jira.
This was asked by MgE, ideally against SLED 15 SP5
Metadata Update from @lkocman: - Issue set to the milestone: 15.5
Flagging as sle accept pending, but never the less we're implementing this one.
Metadata Update from @lkocman: - Custom field SUSE Jira - SUSE Linux Enterprise adjusted to https://jira.suse.com/browse/PED-1090 - Issue tagged with: SLE-Accept-Pending
For the beginning perhaps the combustion would be optional, some people don't seem to see having combustion as a benefit, and see it rather than a potential way to hijack the machine.
The combustion/ignition service is a one-shot service.
Yep, only run on first boot, so no "hijacking" possible.
Deferring to 15.6
Metadata Update from @lkocman: - Issue set to the milestone: 15.6 (was: 15.5)
Login to comment on this ticket.