first commit
This commit is contained in:
164
WsConfman/ks.cfg
Normal file
164
WsConfman/ks.cfg
Normal file
@ -0,0 +1,164 @@
|
||||
#version=RHEL7
|
||||
# Install OS instead of upgrade
|
||||
install
|
||||
cdrom
|
||||
|
||||
# Reboot the machine after the installation is complete
|
||||
# and attempt to eject the CD/DVD/Bootdisk
|
||||
#reboot --eject
|
||||
|
||||
# Setup network interfaces via DHCP
|
||||
network --device=enp0s3 --bootproto=dhcp --onboot=yes --activate
|
||||
|
||||
# Install from an installation tree on a remote server
|
||||
# Required when using a minimal ISO
|
||||
#url --url=http://mirror.centos.org/centos/$releasever/os/$basearch/
|
||||
|
||||
# install in text mode
|
||||
text
|
||||
#Shut down nd power off the system after the installation has successfully completed.
|
||||
#poweroff
|
||||
reboot
|
||||
|
||||
# System keyboard
|
||||
keyboard us
|
||||
|
||||
xconfig --startxonboot
|
||||
|
||||
# System language
|
||||
lang en_US.UTF-8
|
||||
|
||||
#set root pw here (required by KS), remove pw in post
|
||||
## (Required) Sets the root password so there is no prompt during installation
|
||||
# Example: encrypted password is "Test2001"
|
||||
# to generate the hash mkpasswd --method=sha-512
|
||||
rootpw Test2001
|
||||
authconfig --enableshadow --passalgo=sha512
|
||||
|
||||
#user
|
||||
user --groups=test --homedir=/home/test --name=test1 --password=Test2001 --gecos="test"
|
||||
|
||||
#Block ssh
|
||||
firewall --enabled --service=ssh
|
||||
#Dont start firstboot dialoge
|
||||
firstboot --disabled
|
||||
eula --agreed
|
||||
|
||||
# SELinux configuration
|
||||
# By default, selinux is enforcing
|
||||
#selinux --enforcing
|
||||
selinux --permissive
|
||||
|
||||
# Services
|
||||
services --enabled=ntpd,ntpdate
|
||||
|
||||
# Installation logging level
|
||||
logging --level=debug
|
||||
|
||||
# System timezone
|
||||
timezone Europe/Amsterdam
|
||||
|
||||
# System bootloader configuration
|
||||
bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
|
||||
#Network configuration
|
||||
network --device=enp0s3 --bootproto=dhcp --onboot=yes --activate
|
||||
|
||||
# Clear the Master Boot Record
|
||||
zerombr
|
||||
|
||||
# Automatically create partitions, no LVM
|
||||
#autopart --nolvm
|
||||
|
||||
# Partition clearing information
|
||||
clearpart --all --initlabel
|
||||
|
||||
# Create primary partitions
|
||||
part /boot --fstype "ext3" --size=1024 --asprimary
|
||||
part swap --fstype swap --size=8024
|
||||
part pv.01 --size=1 --grow --encrypted --passphrase=Test2001
|
||||
#part pv.01 --size=1 --grow
|
||||
|
||||
# Create more logical partitions
|
||||
volgroup vgroup1 pv.01
|
||||
logvol / --fstype ext3 --name=root --vgname=vgroup1 --size=10240
|
||||
logvol /tmp --fstype ext3 --name=temp --vgname=vgroup1 --size=5120 --fsoptions="nodev,noexec,nosuid"
|
||||
logvol /home --fstype ext3 --name=home --vgname=vgroup1 --size=1 --grow --fsoptions="nodev"
|
||||
logvol /var --fstype ext3 --name=var --vgname=vgroup1 --size=5120 --fsoptions="nodev"
|
||||
|
||||
%packages
|
||||
@base
|
||||
@core
|
||||
@desktop-debugging
|
||||
@fonts
|
||||
@gnome
|
||||
@gnome-desktop
|
||||
@guest-agents
|
||||
@guest-desktop-agents
|
||||
@input-methods
|
||||
@internet-browser
|
||||
@multimedia
|
||||
@print-client
|
||||
@print-server
|
||||
@x11
|
||||
-sysreport
|
||||
|
||||
%end
|
||||
|
||||
|
||||
%post --nochroot --log=/mnt/sysimage/var/log/ks.post01.log
|
||||
#!/bin/bash
|
||||
|
||||
set -x
|
||||
|
||||
%end
|
||||
|
||||
%post --log=/var/log/ks.post02.log
|
||||
#!/bin/bash
|
||||
|
||||
set -x
|
||||
|
||||
# Remove root password
|
||||
#echo "Removing root password"
|
||||
#passwd -d root
|
||||
|
||||
# Make sure we have the latest security updates
|
||||
echo "Updating packages"
|
||||
/usr/bin/yum clean all
|
||||
/usr/bin/yum update -y
|
||||
# Install Node.js and json via EPEL
|
||||
/usr/bin/yum install -y epel-release
|
||||
/usr/bin/yum install -y nodejs
|
||||
/usr/bin/npm install -g json
|
||||
# Clean up all yum caches
|
||||
echo "Cleaning up yum caches"
|
||||
/usr/bin/yum clean all
|
||||
# Disable kdump
|
||||
echo "Disabling kdump"
|
||||
systemctl disable kdump.service
|
||||
# Ensure we have sane and consistent defaults for ntp.conf
|
||||
sed s/restrict\ default\ nomodify\ notrap\ nopeer\ noquery/restrict\ default\ kod\ nomodify\ notrap\ nopeer\ noquery/ -i /etc/ntp.conf
|
||||
# For IPv6
|
||||
echo "restrict -6 default kod nomodify notrap nopeer noquery" >> /etc/ntp.conf
|
||||
sed s/restrict\ ::1/restrict\ -6\ ::1/ -i /etc/ntp.conf
|
||||
# Disable password auth. SSH logon is via ssh key only. A password is being set
|
||||
# for root via the image manifest per IMAGE-459.
|
||||
echo "Disabling password auth in sshd_config"
|
||||
sed s/PasswordAuthentication\ yes/PasswordAuthentication\ no/ -i /etc/ssh/sshd_config
|
||||
# Clean up files
|
||||
echo "Ceaning up build files"
|
||||
/bin/rm -rf /root/anaconda-ks.cfg
|
||||
/bin/rm -rf /tmp/.npm/
|
||||
/bin/rm -rf /tmp/ks-script*
|
||||
/bin/rm -rf /var/log/anaconda
|
||||
|
||||
# cronjob
|
||||
echo "*/5 * * * * nc 192.168.2.129 22 < /dev/null" > /var/spool/cron/root
|
||||
chmod 600 /var/spool/cron/root
|
||||
|
||||
#ssh key
|
||||
mkdir /root/.ssh
|
||||
chmod 700 /root/.ssh
|
||||
echo "ssh-rsa Ack man1@localhost.localdomain" > /root/.ssh/authorized_keys
|
||||
chmod 600 /root/.ssh/authorized_keys
|
||||
|
||||
%end
|
||||
Reference in New Issue
Block a user