165 lines
4.1 KiB
INI
165 lines
4.1 KiB
INI
#version=RHEL7
|
|
# Install OS instead of upgrade
|
|
install
|
|
cdrom
|
|
|
|
# Reboot the machine after the installation is complete
|
|
# and attempt to eject the CD/DVD/Bootdisk
|
|
#reboot --eject
|
|
|
|
# Setup network interfaces via DHCP
|
|
network --device=enp0s3 --bootproto=dhcp --onboot=yes --activate
|
|
|
|
# Install from an installation tree on a remote server
|
|
# Required when using a minimal ISO
|
|
#url --url=http://mirror.centos.org/centos/$releasever/os/$basearch/
|
|
|
|
# install in text mode
|
|
text
|
|
#Shut down nd power off the system after the installation has successfully completed.
|
|
#poweroff
|
|
reboot
|
|
|
|
# System keyboard
|
|
keyboard us
|
|
|
|
xconfig --startxonboot
|
|
|
|
# System language
|
|
lang en_US.UTF-8
|
|
|
|
#set root pw here (required by KS), remove pw in post
|
|
## (Required) Sets the root password so there is no prompt during installation
|
|
# Example: encrypted password is "Test2001"
|
|
# to generate the hash mkpasswd --method=sha-512
|
|
rootpw Test2001
|
|
authconfig --enableshadow --passalgo=sha512
|
|
|
|
#user
|
|
user --groups=test --homedir=/home/test --name=test1 --password=Test2001 --gecos="test"
|
|
|
|
#Block ssh
|
|
firewall --enabled --service=ssh
|
|
#Dont start firstboot dialoge
|
|
firstboot --disabled
|
|
eula --agreed
|
|
|
|
# SELinux configuration
|
|
# By default, selinux is enforcing
|
|
#selinux --enforcing
|
|
selinux --permissive
|
|
|
|
# Services
|
|
services --enabled=ntpd,ntpdate
|
|
|
|
# Installation logging level
|
|
logging --level=debug
|
|
|
|
# System timezone
|
|
timezone Europe/Amsterdam
|
|
|
|
# System bootloader configuration
|
|
bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
|
|
#Network configuration
|
|
network --device=enp0s3 --bootproto=dhcp --onboot=yes --activate
|
|
|
|
# Clear the Master Boot Record
|
|
zerombr
|
|
|
|
# Automatically create partitions, no LVM
|
|
#autopart --nolvm
|
|
|
|
# Partition clearing information
|
|
clearpart --all --initlabel
|
|
|
|
# Create primary partitions
|
|
part /boot --fstype "ext3" --size=1024 --asprimary
|
|
part swap --fstype swap --size=8024
|
|
part pv.01 --size=1 --grow --encrypted --passphrase=Test2001
|
|
#part pv.01 --size=1 --grow
|
|
|
|
# Create more logical partitions
|
|
volgroup vgroup1 pv.01
|
|
logvol / --fstype ext3 --name=root --vgname=vgroup1 --size=10240
|
|
logvol /tmp --fstype ext3 --name=temp --vgname=vgroup1 --size=5120 --fsoptions="nodev,noexec,nosuid"
|
|
logvol /home --fstype ext3 --name=home --vgname=vgroup1 --size=1 --grow --fsoptions="nodev"
|
|
logvol /var --fstype ext3 --name=var --vgname=vgroup1 --size=5120 --fsoptions="nodev"
|
|
|
|
%packages
|
|
@base
|
|
@core
|
|
@desktop-debugging
|
|
@fonts
|
|
@gnome
|
|
@gnome-desktop
|
|
@guest-agents
|
|
@guest-desktop-agents
|
|
@input-methods
|
|
@internet-browser
|
|
@multimedia
|
|
@print-client
|
|
@print-server
|
|
@x11
|
|
-sysreport
|
|
|
|
%end
|
|
|
|
|
|
%post --nochroot --log=/mnt/sysimage/var/log/ks.post01.log
|
|
#!/bin/bash
|
|
|
|
set -x
|
|
|
|
%end
|
|
|
|
%post --log=/var/log/ks.post02.log
|
|
#!/bin/bash
|
|
|
|
set -x
|
|
|
|
# Remove root password
|
|
#echo "Removing root password"
|
|
#passwd -d root
|
|
|
|
# Make sure we have the latest security updates
|
|
echo "Updating packages"
|
|
/usr/bin/yum clean all
|
|
/usr/bin/yum update -y
|
|
# Install Node.js and json via EPEL
|
|
/usr/bin/yum install -y epel-release
|
|
/usr/bin/yum install -y nodejs
|
|
/usr/bin/npm install -g json
|
|
# Clean up all yum caches
|
|
echo "Cleaning up yum caches"
|
|
/usr/bin/yum clean all
|
|
# Disable kdump
|
|
echo "Disabling kdump"
|
|
systemctl disable kdump.service
|
|
# Ensure we have sane and consistent defaults for ntp.conf
|
|
sed s/restrict\ default\ nomodify\ notrap\ nopeer\ noquery/restrict\ default\ kod\ nomodify\ notrap\ nopeer\ noquery/ -i /etc/ntp.conf
|
|
# For IPv6
|
|
echo "restrict -6 default kod nomodify notrap nopeer noquery" >> /etc/ntp.conf
|
|
sed s/restrict\ ::1/restrict\ -6\ ::1/ -i /etc/ntp.conf
|
|
# Disable password auth. SSH logon is via ssh key only. A password is being set
|
|
# for root via the image manifest per IMAGE-459.
|
|
echo "Disabling password auth in sshd_config"
|
|
sed s/PasswordAuthentication\ yes/PasswordAuthentication\ no/ -i /etc/ssh/sshd_config
|
|
# Clean up files
|
|
echo "Ceaning up build files"
|
|
/bin/rm -rf /root/anaconda-ks.cfg
|
|
/bin/rm -rf /tmp/.npm/
|
|
/bin/rm -rf /tmp/ks-script*
|
|
/bin/rm -rf /var/log/anaconda
|
|
|
|
# cronjob
|
|
echo "*/5 * * * * nc 192.168.2.129 22 < /dev/null" > /var/spool/cron/root
|
|
chmod 600 /var/spool/cron/root
|
|
|
|
#ssh key
|
|
mkdir /root/.ssh
|
|
chmod 700 /root/.ssh
|
|
echo "ssh-rsa Ack man1@localhost.localdomain" > /root/.ssh/authorized_keys
|
|
chmod 600 /root/.ssh/authorized_keys
|
|
|
|
%end
|