# Basic EL 7 Kickstart configuration
# Loaded from a webserver / GitHub after (network) boot.
# NOTE(review): anyone who can fetch this file can read everything in it,
# including the password hashes below (rootpw here, the vagrant user in
# %post), so treat the file and the server hosting it as sensitive, or
# rotate those passwords on first boot.
# Retrieves software directly from the CentOS mirror
#
# No hardening, not many modifications except what is noted below
#
# 201510 Joachim la Poutre'
################################################################################
# Command Section
################################################################################
# Perform the installation in a completely non-interactive mode.
# The recommended use is in conjunction with RUNKS=1 and ks= cmdline
# (Required) We want to "install" as opposed to "upgrade" an existing system
# optional since Fedora 18
install
# Package source. Plain HTTP, so the transport itself is unauthenticated;
# NOTE(review): package integrity then rests on RPM signature verification in
# the installer -- confirm that is enabled, and prefer an https:// mirror if
# the installer environment can reach one.
url --url http://mirror.centos.org/centos/7/os/x86_64/
# Use text mode install
text
# Reboot the machine after the installation is complete
# and attempt to eject the CD/DVD/Bootdisk
reboot
# X is not configured except for Desktops
skipx
# Skip EULA (include this for non-interactive install of subscription based EL)
eula --agreed
# System keyboard
keyboard us
# System language
lang en_US.UTF-8
# Setup agent should not start the first time the system boots:
firstboot --disable
# The network line is generated by %pre from hostname=<name> on the kernel
# cmdline; included here for the moment, not working or required for CD boot
%include /tmp/network
# (Required) Sets the root password so there is no prompt during installation.
# sha512-crypt ($6$) with a raised rounds= cost slows guessing, but the hash
# is still exposed to whoever can fetch this file (see header) -- change the
# root password after installation (see the commented passwd -e in %post).
rootpw --iscrypted $6$rounds=1000000$Vk3DpNkIQEsP5dsy$4D6K/2L48u1CMJk.l8f8LftXbMP/NVvi2F5xEns7kShS1dhr0CROeecgjj8e1dvUptY0AajecNl/FZVQUkbmq0
# Enable the firewall: inbound only ssh and 80/tcp
firewall --enabled --ssh --port=80:tcp
# shadow configuration: local password hashes use sha512
authconfig --enableshadow --passalgo=sha512
# System timezone
timezone --utc Europe/Amsterdam
# CIS 1.4.1 Enable SELinux (default), 1.4.2 Enforcing, 1.4.3 Targeted Policy
selinux --enforcing
# Clear the Master Boot Record
zerombr
# Partition clearing information
# The --initlabel option has been deprecated. To initialize disks with invalid partition tables and clear their contents, use the zerombr command.
# NB: --all erases the partitions of every disk the installer sees, not only
# the one %pre selects as the install disk -- do not attach data disks to the
# VM while installing.
clearpart --all
# System bootloader configuration and auto-partitioning
#bootloader --location=mbr --boot-drive=sda
#autopart --type=lvm
# or use explicit partitioning below
# Include generated partition layout (written to /tmp/partitions by %pre)
%include /tmp/partitions
################################################################################
# Packages
# see output from 'yum group info Core' (and 'Base')
################################################################################
%packages # obsolete # --nobase
@core
# add some basic software
# NOTE(review): a few of these deserve a second look before the image leaves
# the lab: the CIS EL7 benchmark expects prelink to be disabled and the telnet
# client not installed, tcp_wrappers is legacy (gone in EL 8), and nc/tcpdump/
# strace are diagnostics that also give an intruder a head start -- keep them
# only where they are actually needed.
acl
authconfig
bash-completion
bc
bind-libs
bind-utils
bridge-utils
bzip2
chrony
cpio
crontabs
ed
ethtool
file
firewalld
gnupg2
krb5-workstation
logrotate
lsof
lvm2
man-db
man-pages
nc
net-tools
openldap-clients
openssh-clients
pam_krb5
pam_ldap
perl
plymouth
prelink
rsync
samba-common
samba-winbind
sssd
strace
tcpdump
tcp_wrappers
telnet
tmux
traceroute
virt-what
wget
which
xfsdump
xz
yum-utils
zip
# Remove from Core (rpm -qa|grep -i firmware|grep -v linux|sed -e 's/^/-/;s/-[0-9][0-9]..*//;s/-[0-9]..*//'|sort)
# These are device firmware blobs a VM guest never loads.
-aic94xx-firmware
-alsa-firmware
-alsa-tools-firmware
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware
# more
# NOTE(review): dropping microcode_ctl is fine for a VM guest (the hypervisor
# host applies CPU microcode), but on bare metal it removes the channel through
# which CPU vulnerability mitigations are delivered -- keep it there.
-microcode_ctl
%end
################################################################################
# Pre section
################################################################################
%pre --log=/tmp/ks-pre.log
#!/bin/bash
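#
# First read the kernel cmdline:
# on installation edit the PXE boot line and add: hostname=<hostname>
#
# Only the hostname= parameter is consumed, and its value is checked against
# the characters allowed in a hostname, because it is later spliced unquoted
# into the generated 'network --hostname=' line and into the LVM VG name.
# (The previous version eval'ed every key=value word on the cmdline, which
# would run whatever follows the '=' as shell.)
#
#######################################
# Set ${hostname} from the hostname= word of the kernel cmdline.
# Globals:   hostname (written; empty when absent or rejected)
# Arguments: the words of /proc/cmdline
# Outputs:   a warning on stderr when a hostname= value is rejected
# Returns:   0
#######################################
parse_cmdline() {
  local word value
  hostname=""
  for word in "$@"; do
    case "${word}" in
      hostname=*)
        value=${word#hostname=}
        case "${value}" in
          "" | *[!A-Za-z0-9.-]*)
            printf 'WARNING: ignoring invalid hostname= value: %s\n' "${value}" >&2
            ;;
          *)
            hostname=${value}
            ;;
        esac
        ;;
    esac
  done
  return 0
}
# the cmdline is meant to be word-split here, one parameter per word
# shellcheck disable=SC2046
parse_cmdline $(cat /proc/cmdline)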
################################################################################
# Configure the network
################################################################################
# /tmp/routing is created but nothing in this kickstart reads it
touch /tmp/routing
# Just use DHCP + eth0 (no fancy routing for a straightforward VM installation).
# The resulting line is pulled in by '%include /tmp/network' in the command
# section; the hostname is appended only when %pre got one from the cmdline.
net_line="network --device=eth0 --bootproto=dhcp --onboot=yes --noipv6"
if [ -n "${hostname}" ]; then
  net_line="${net_line} --hostname=${hostname}"
fi
printf '%s\n' "${net_line}" >/tmp/network
################################################################################
# Configure the boot disk
# NB: VM should be provisioned with minimum size or bigger!
################################################################################
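# Get the first hard drive from 'list-harddrives' that is big enough.
# e.g. output for one disk (device name, size in MB):
# sda 61440.0
#
# minimum size of hard drive needed, specified in GIGABYTES, 4Gb < VBox default
MINSIZE=4
INSTDISK=""
# /sys/block/*/size is in 512 byte chunks: GBs = blocks / 2^21
# DEVI=/sys/block/${DEV}
# SIZE=`cat ${DEVI}/size`
# GB=$(($SIZE/2**21))
#list-harddrives >/tmp/list-harddrives.out

#######################################
# Print the name of the first disk that is at least $1 GB.
# Arguments: $1 - minimum size in GB
# Inputs:    'list-harddrives' lines "<device> <size-in-MB>" on stdin
# Outputs:   one diagnostic line per disk on stderr; the chosen device on stdout
# Returns:   0 if a disk was chosen, 1 if none is large enough
#######################################
pick_install_disk() {
  local min_gb=$1
  local dev msize gbds
  while read -r dev msize; do
    [ -n "${dev}" ] || continue
    # size is reported in MB with a fractional part; keep the integer part
    msize=${msize%.*}
    case "${msize}" in
      '' | *[!0-9]*) continue ;;
    esac
    gbds=$(( msize / 1024 ))
    printf 'Disk device: %s, size in GB: %s\n' "${dev}" "${gbds}" >&2
    if [ "${gbds}" -ge "${min_gb}" ]; then
      printf '%s\n' "${dev}"
      return 0
    fi
  done
  return 1
}

# A loop fed through a pipe runs in a subshell, so the loop variable is always
# empty afterwards; capture the result through command substitution instead.
INSTDISK=$(list-harddrives | pick_install_disk "${MINSIZE}")
if [ -n "${INSTDISK}" ]; then
  # kept for compatibility: '%post --nochroot' copies /tmp/* into the target
  printf '%s\n' "${INSTDISK}" >/tmp/installdisk
  echo "Install disk: ${INSTDISK}"
else
  # WARNING: without this message Kickstart fails later, at partitioning,
  # without providing very helpful information. Use '%pre --erroronfail'
  # if the installer should stop here instead of carrying on.
  echo "ERROR: no disk of at least ${MINSIZE} GB found; partitioning will fail" >&2
fi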
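#
# Generate partition and volume layout
# CIS Benchmark 1.1: skip this for non-production
#

#######################################
# Print the LVM volume group name for a host: vg_<short hostname>, or
# vg_system when no hostname was given or it is 'localhost'.
# Arguments: $1 - hostname (may be empty)
# Outputs:   the VG name on stdout
#######################################
vg_name_for() {
  local host=$1
  if [ -z "${host}" ] || [ "${host}" = "localhost" ]; then
    printf '%s\n' "vg_system"
  else
    printf 'vg_%s\n' "${host%%.*}"
  fi
}

#######################################
# Print the size option for the swap logvol given the RAM size.
# Use recommended swapsize below 64Gb RAM, above make a new decision about
# disks & swap (just use 32Gb and add swap devices if needed).
# EL 6 "--recommended" should translate to:
# RAM Gb            swap space Gb
# =< 2              2 times RAM
# 2 < RAM =< 8      equal to RAM
# 8 < RAM =< 64     0.5 times RAM
# > 64              ???
# (same in EL 7?)
# We tested for a disk >= 60 Gb, with 27.5 Gb file systems that leaves about
# 32 Gb for paging ==> up to 64 Gb RAM --recommended should work.
# Arguments: $1 - RAM in whole GB; empty or non-numeric counts as unknown and
#                 selects the fixed 32Gb size (what the old test did on error)
# Outputs:   "recommended" or "size=32768" on stdout
#######################################
swap_spec_for_gb() {
  local ram_gb=$1
  case "${ram_gb}" in
    '' | *[!0-9]*)
      printf '%s\n' "size=32768"
      ;;
    *)
      if [ "${ram_gb}" -lt 65 ]; then
        printf '%s\n' "recommended"
      else
        printf '%s\n' "size=32768"
      fi
      ;;
  esac
}

vgname=$(vg_name_for "${hostname}")
# RAM in GB (MemTotal in /proc/meminfo is in kB):
MemTotal=$(awk '/MemTotal:/ {print ($2/(1024^2))}' /proc/meminfo)
echo "RAM in GB: ${MemTotal}"
swapsize=$(swap_spec_for_gb "${MemTotal%.*}")
# KISS: just /boot, / and swap. The root LV is deliberately capped by
# --maxsize so the volume group keeps free space (see the file name).
cat >/tmp/partitions <<EOF
part /boot --fstype ext4 --size=512 --asprimary --ondisk ${INSTDISK}
part pv.3 --size=100 --grow
volgroup ${vgname} pv.3
logvol swap --fstype swap --name=lv_swap --vgname=${vgname} --${swapsize}
logvol / --fstype xfs --name=lv_root --vgname=${vgname} --size=100 --grow --maxsize=3072
EOF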
%end
################################################################################
# Post sections follow here
#
# Feel free to re-implement everything using your configuration management
################################################################################
%post --log=/root/ks-post.log
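# If you prefer Emacs, remove these:
printf '%s\n' "set -o vi" >> /etc/profile
printf '%s\n' "set -o vi" >> /etc/bashrc
# Vagrant:
# The public key below is the well-known Vagrant "insecure" key, and the
# password hash for this account is baked into a network-served file, so this
# image is only suitable as a Vagrant box behind the host, never for direct
# exposure. Vagrant swaps the insecure key for a box-specific one on the first
# 'vagrant up' (config.ssh.insert_key, the default); the password it leaves.
useradd -m -d /home/vagrant -s /bin/bash -p '$6$rounds=1000000$KKaL8Z6CY+YxSbNh$CfE6VGt92n6ESZOhYPRO7hMwBhoFpYCPwc7qqjPPEdJzp8kpkPCUA46zLDyuLgcnMaF32mFuaiukmCC3jSmQk/' -c "Vagrant Administrator" vagrant
# ~/.ssh must be owned by the user and closed to others for the key to be
# usable: sshd's StrictModes rejects permissive modes, and %post runs as root,
# so a plain mkdir leaves a root-owned directory vagrant cannot manage.
# (Earlier versions chmod'ed /u01/app/wlsofm/.ssh, a path nothing here
# creates, leaving /home/vagrant/.ssh and authorized_keys at default modes.)
install -d -m 700 -o vagrant -g vagrant /home/vagrant/.ssh
printf '%s\n' "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" > /home/vagrant/.ssh/authorized_keys
chmod 600 /home/vagrant/.ssh/authorized_keys
chown vagrant:vagrant /home/vagrant/.ssh/authorized_keys
################################################################################
# End post install configurations
################################################################################
# Expiring root's password forces a change at first login -- worth enabling
# given that the root hash travels in this network-served file.
###passwd -e root # <-- if you want to type in a complicated password ;-)
# SELinux (enforcing, see command section): relabel the whole file system on
# first boot so files written from the installer get correct contexts.
touch /.autorelabel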
%end
%post --nochroot
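# Carry the %pre products (/tmp/network, /tmp/partitions, /tmp/installdisk,
# ks-pre.log) into the installed system for later inspection.
# NOTE(review): this copies everything else the installer keeps under /tmp as
# well, into the target's world-readable /tmp -- check that nothing sensitive
# (e.g. a cached copy of this kickstart with its password hashes) ends up there.
cp -- /tmp/* /mnt/sysimage/tmp/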
%end
# Reboot machine after installation (duplicate of the 'reboot' already given
# in the command section above)
reboot