-
Notifications
You must be signed in to change notification settings - Fork 1
/
minimal_el7.cfg
222 lines (189 loc) · 5.75 KB
/
minimal_el7.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
# Basic EL 7 Kickstart configuration
# Load form a webserver / GitHub after (network) boot
# Retrieves software directly from CentOS mirror
#
# No hardening, not much modifications except
#
# 201510 Joachim la Poutre'
################################################################################
# Command Section
################################################################################
# Perform the installation in a completely non-interactive command
# The recommended use is in conjunction with RUNKS=1 and ks= cmdline
# (Required) We want to "install" as opposed to "upgrade" an existing system
#optional since Fedora 18 #
install
url --url http://mirror.centos.org/centos/7/os/x86_64/
# Use text mode install
text
# Reboot the machine after the installation is complete
# and attempt to eject the CD/DVD/Bootdisk
reboot
# X is not configured except for Desktops
skipx
# Skip EULA (include this for non-interactive install of subcription based EL)
eula --agreed
# System keyboard
keyboard us
# System language
lang en_US.UTF-8
# Setup agent should not start the first time the system boots:
firstboot --disable
# Include created here for the moment not working or required (CD boot)
%include /tmp/network
# (Required) Sets the root password so there is no prompt during installation
rootpw --iscrypted $6$rounds=1000000$Vk3DpNkIQEsP5dsy$4D6K/2L48u1CMJk.l8f8LftXbMP/NVvi2F5xEns7kShS1dhr0CROeecgjj8e1dvUptY0AajecNl/FZVQUkbmq0
# Enable the firewall
firewall --enabled --ssh --port=80:tcp
# shadow configuration:
authconfig --enableshadow --passalgo=sha512
# System timezone
timezone --utc Europe/Amsterdam
# CIS 1.4.1 Enable SELinux (default), 1.4.2 Enforcing, 1.4.3 Targeted Policy
selinux --enforcing
# Clear the Master Boot Record
zerombr
# Partition clearing information
# The --initlabel option has been deprecated. To initialize disks with invalid partition tables and clear their contents, use the zerombr command.
clearpart --all
# System bootloader configuration and auto-partitioning
bootloader --location=mbr --boot-drive=sda
autopart --type=lvm
################################################################################
# Packages
# see output from 'yum group info Core'' (and 'Base')
################################################################################
%packages # obsolete # --nobase
@core
# add some basic software
acl
authconfig
bash-completion
bc
bind-libs
bind-utils
bridge-utils
bzip2
chrony
cpio
crontabs
ed
ethtool
file
firewalld
gnupg2
krb5-workstation
logrotate
lsof
lvm2
man-db
man-pages
nc
net-tools
openldap-clients
openssh-clients
pam_krb5
pam_ldap
perl
plymouth
prelink
rsync
samba-common
samba-winbind
sssd
strace
tcpdump
tcp_wrappers
telnet
tmux
traceroute
virt-what
wget
which
xfsdump
xz
yum-utils
zip
# Remove from Core (rpm -qa|grep -i firmware|grep -v linux|sed -e 's/^/-/;s/-[0-9][0-9]..*//;s/-[0-9]..*//'|sort)
-aic94xx-firmware
-alsa-firmware
-alsa-tools-firmware
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
# more
-microcode_ctl
%end
################################################################################
# Pre section
################################################################################
%pre --log=/tmp/ks-pre.log
#!/bin/bash
#
# First read the cmdline:
# on installation edit the PXE boot line and add: hostname=<hostname>
#
set -- `cat /proc/cmdline`
for I in $*;
do
case "$I" in
*=*) eval $I
;;
esac;
done
################################################################################
# Configure the network
################################################################################
touch /tmp/routing
# just use DHCP + eth0 (no fancy routing for straight forward VM installation)
if [ "${hostname}" != "" ]; then
echo "network --device=eth0 --bootproto=dhcp --onboot=yes --noipv6" \
--hostname=${hostname} >/tmp/network
else
echo "network --device=eth0 --bootproto=dhcp --onboot=yes --noipv6" \
>/tmp/network
fi
%end
################################################################################
# Post sections follow here
#
# Feel free to re-implement everything using your configuration management
################################################################################
%post --log=/root/ks-post.log
# If you prefer Emacs, remove these:
echo "set -o vi" >> /etc/profile
echo "set -o vi" >> /etc/bashrc
# Vagrant:
useradd -m -d /home/vagrant -s /bin/bash -p '$6$rounds=1000000$KKaL8Z6CY+YxSbNh$CfE6VGt92n6ESZOhYPRO7hMwBhoFpYCPwc7qqjPPEdJzp8kpkPCUA46zLDyuLgcnMaF32mFuaiukmCC3jSmQk/' -c "Vagrant Administrator" vagrant
mkdir /home/vagrant/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" > /home/vagrant/.ssh/authorized_keys
chmod 700 /u01/app/wlsofm/.ssh
chmod 600 /u01/app/wlsofm/.ssh/authorized_keys
################################################################################
# End post install configurations
################################################################################
###passwd -e root # <-- if you want to type in a complicated password ;-)
touch /.autorelabel
%end
%post --nochroot
cp /tmp/* /mnt/sysimage/tmp/
%end
# Reboot machine after installation
reboot