|
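#version=DEVEL
# Unattended-install kickstart. Values written as +++name+++ appear to be
# placeholders filled in by the provisioning system before the file is served.

# System authorization information
# sha512 replaces sha256 as the scheme for passwords set after install; this is
# what common hardening baselines expect. It does not rewrite the pre-hashed
# root password given to rootpw below.
auth --useshadow --passalgo=sha512 --kickstart

# Install OS instead of upgrade
install

# Use network installation
url --url="+++pulp repo+++"

# Use text mode install
text

# Firewall configuration: only SSH is allowed in at this point
firewall --enabled --service=ssh

firstboot --disable

# Restrict the installer to vda; zerombr/clearpart below wipe only this disk
ignoredisk --only-use=vda

# Keyboard layouts
# old format: keyboard de-latin1-nodeadkeys
# new format:
keyboard --vckeymap=de-latin1-nodeadkeys --xlayouts='de (nodeadkeys)'

# System language
lang en_US.UTF-8

# Network information
network --bootproto=dhcp --device=+++mac+++ --hostname=+++fqdn+++

# Reboot after installation
reboot

# Root password
# NOTE(review): the rendered kickstart carries the root password hash, so
# anyone who can fetch this file can attack the hash offline. Limit who can
# retrieve the rendered file.
rootpw --iscrypted +++hash+++

# SELinux configuration
selinux --enforcing

# System services
services --enabled="chronyd"

# Do not configure the X Window System
skipx

# System timezone
timezone Europe/Berlin

# System bootloader configuration
bootloader --append="nofb quiet splash=quiet crashkernel=auto" --location=mbr --boot-drive=vda

# Clear the Master Boot Record
zerombr

# Partition clearing information (destructive: removes every partition on vda)
clearpart --all --initlabel

# Disk partitioning information
part / --fstype="ext4" --size=94334
part swap --fstype="swap" --size=8065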
|
|
|
|
%post --nochroot
# Runs in the installer environment; the installed system is mounted at
# /mnt/sysimage.

# Bind stdin/stdout to VT 3 and switch to it so the progress is visible.
exec </dev/tty3 >/dev/tty3
/usr/bin/chvt 3

(
  # Carry the installer's resolver configuration over to the installed system.
  cp -va /etc/resolv.conf /mnt/sysimage/etc/resolv.conf
  /usr/bin/chvt 1
) 2>&1 | tee /mnt/sysimage/root/install.postnochroot.log
%end
|
|
|
|
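%post
# Post-install provisioning inside the installed system: NIC configuration,
# content-host registration, management agents, root SSH key, time sync,
# monitoring agent, Puppet bootstrap and the final "built" callback.
# Everything in the subshell is logged to /root/install.post.log.
logger "Starting anaconda +++fqdn+++ postinstall"

# Bind stdin/stdout to VT 3 and switch to it so the progress is visible.
exec </dev/tty3 >/dev/tty3
/usr/bin/chvt 3
(

# interface: look up the kernel name of the NIC that carries the provisioning MAC.
# NOTE(review): the awk match is case-sensitive; this assumes the MAC is rendered
# in the same (lower) case that `ip -o link` prints. Confirm against the template.
real=$(ip -o link | awk '/+++mac+++/ {print $2;}' | sed 's/:$//')
sanitized_real=$(printf '%s\n' "$real" | sed 's/:/_/')

# Without a match the original wrote a broken "ifcfg-" file with an empty DEVICE;
# skip the file instead and leave a trace in the log.
if [ -n "$real" ]; then
cat << EOF > "/etc/sysconfig/network-scripts/ifcfg-$sanitized_real"
BOOTPROTO="dhcp"
DEVICE=$real
HWADDR="+++mac+++"
ONBOOT=yes
PEERDNS=yes
PEERROUTES=yes
DEFROUTE=yes
EOF
else
  echo "No interface matches MAC +++mac+++; ifcfg file not written" >&2
fi

# add subscription manager
yum -t -y -e 0 install subscription-manager
rm -rf -- /etc/yum.repos.d/*

# NOTE(review): this package installs the CA that later HTTPS connections to the
# server are verified against, yet it is downloaded over plain HTTP and
# `rpm -ivh` does not require a valid signature. Anyone able to alter the
# download controls the host's trust anchor. Verify the file against a checksum
# delivered with the kickstart, or ship the CA certificate in the kickstart.
rpm -ivh "http://+++foreman url+++/pub/katello-ca-consumer-latest.noarch.rpm"

echo "Registering the System"
# The activation key is a registration credential; it is part of the rendered
# kickstart and of this command line.
subscription-manager register --org="+++org+++" --name="+++fqdn+++" --activationkey="+++key+++" --baseurl="https://+++foreman url+++/pulp/repos"

echo "Installing Katello Agent"
yum -t -y -e 0 install katello-agent
chkconfig goferd on

# Cockpit web console. The firewall rules in this kickstart open only ssh and
# 6556/tcp, so the console is not reachable from the network unless its port is
# opened separately.
yum install -y cockpit
systemctl enable --now cockpit.socket

# SSH keys setup snippet for Remote Execution plugin
#
# Parameters:
#
# remote_execution_ssh_keys: public keys to be put in ~/.ssh/authorized_keys
#
# remote_execution_ssh_user: user for which remote_execution_ssh_keys will be
#                            authorized
#
# remote_execution_create_user: create the user if it does not exist yet
#
# remote_execution_effective_user_method: method to switch from ssh user to
#                                         effective user
#
# This template sets up SSH keys in any host so that as long as your public
# SSH key is in remote_execution_ssh_keys, you can SSH into a host. This only
# works in combination with Remote Execution plugin.
#
# The Remote Execution plugin queries smart proxies to build the
# remote_execution_ssh_keys array which is then made available to this template
# via the host's parameters. There is currently no way of supplying this
# parameter manually.
# See http://projects.theforeman.org/issues/16107 for details.
#
# NOTE(review): as rendered here the key is authorized for root directly, so the
# holder of the matching private key has root on every host built from this
# template. A dedicated remote_execution_ssh_user with sudo narrows that.

user_exists=false
getent passwd root >/dev/null 2>&1 && user_exists=true

if $user_exists; then

  mkdir -p ~root/.ssh

  # Quoted delimiter: the key material is written literally and is never
  # subject to shell expansion.
  cat << 'EOF' >> ~root/.ssh/authorized_keys
+++ssh key+++
EOF

  chmod 0700 ~root/.ssh
  chmod 0600 ~root/.ssh/authorized_keys
  chown -R root: ~root/.ssh

  # Restore SELinux context with restorecon, if it's available:
  if command -v restorecon; then
    restorecon -RvF ~root/.ssh || true
  fi

else
  echo 'The remote_execution_ssh_user does not exist and remote_execution_create_user is not set to true. remote_execution_ssh_keys snippet will not install keys'
fi

#update local time
echo "updating system time"
/usr/sbin/ntpdate -sub 0.de.pool.ntp.org
/usr/sbin/hwclock --systohc
# NOTE(review): the command section enables chronyd and this line enables ntpd;
# only one time daemon should own the clock. Decide which one is intended.
/sbin/chkconfig --level 345 ntpd on

# Install check-mk-agent and open port
# NOTE(review): the package is installed straight from a URL. Confirm that the
# URL is HTTPS and that the package signature is checked (yum's
# localpkg_gpgcheck setting governs packages that do not come from a repo).
yum -y install "+++url+++"
systemctl enable check_mk.socket
# This opens 6556/tcp to every source address. Consider a rule limited to the
# monitoring server, since the agent port serves host inventory data.
firewall-offline-cmd --add-port=6556/tcp

# and add the puppet package
yum -t -y -e 0 install puppet

echo "Configuring puppet"
cat > /etc/puppet/puppet.conf << EOF

[main]
vardir = /var/lib/puppet
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = \$vardir/ssl

[agent]
pluginsync = true
report = true
ignoreschedules = true
ca_server = +++ca server+++
certname = +++fqdn+++
environment = development
server = +++master fqdn+++

EOF

# Setup puppet to run on system reboot
/sbin/chkconfig --level 345 puppet on

# One-shot run with a tag that matches nothing: contacts the master without
# applying any resources.
/usr/bin/puppet agent --config /etc/puppet/puppet.conf -o --tags no_such_tag --server "+++master fqdn+++" --no-daemonize

sync

# Inform the build system that we are done.
echo "Informing Foreman that we are built"
# The URL is quoted so the shell cannot treat '?' as a glob character.
# NOTE(review): the build token travels in cleartext over HTTP, and
# --no-check-certificate turns off certificate verification should the request
# be redirected to HTTPS. The token is a literal value here while other
# host-specific values are placeholders; if it came from a real rendered
# template, treat it as exposed.
wget -q -O /dev/null --no-check-certificate "http://+++foreman url+++/unattended/provision?token=a2f97d38-2813-46e1-8839-a3ed522a006e"

) 2>&1 | tee /root/install.post.log

# Always report success to the installer; failed steps show up only in
# /root/install.post.log, so review that log after the build.
exit 0

%end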
|
|
|
|
# --ignoremissing: packages the repository does not provide are skipped instead
# of stopping the install, so a missing package goes unnoticed unless checked.
%packages --ignoremissing
# Base system group
@Core
# Time synchronisation (both chrony and ntp are pulled in)
chrony
# Network client and diagnostics
dhclient
# Crash-dump support
kexec-tools
ntp
# Disk health monitoring
smartmontools
tcpdump
traceroute
# Editor, download tool, package manager
vim-enhanced
wget
yum

%end
|
|
|
|
# Enable kdump and let the installer size the crash-kernel memory reservation.
# Crash dumps are copies of kernel memory; keep the dump location restricted.
%addon com_redhat_kdump --enable --reserve-mb='auto'

%end
|