parent
81e0547756
commit
2025bcb0c2
1 changed files with 121 additions and 0 deletions
@ -0,0 +1,121 @@ |
|||||||
|
auth --enableshadow --passalgo=sha512 |
||||||
|
url --url="http://mirror.centos.org/centos/8/os/x86_64" |
||||||
|
cmdline |
||||||
|
skipx |
||||||
|
timezone Europe/Paris --isUtc |
||||||
|
keyboard --vckeymap=fr-oss --xlayouts='fr (oss)' |
||||||
|
lang fr_FR.UTF-8 |
||||||
|
services --enabled ntpd |
||||||
|
firewall --enabled --service ssh |
||||||
|
network --bootproto=dhcp --activate --noipv6 |
||||||
|
rootpw --iscrypted $6$6OYBD0R8xuGsqAUl$KVHVrjCM6VmLR13TW0exHAl4toKHxQTd9zwbuYzR/t79heCMrAcVmtBmw0wCcNu5zoz1y3LzwdIZjNedRlz7Y/ |
||||||
|
zerombr |
||||||
|
bootloader --location mbr --append 'ipv6.disable=1' |
||||||
|
# Enable fws and epel |
||||||
|
# FWS not available yet |
||||||
|
# repo --name=fws --baseurl=http://repo.firewall-services.com/centos/7 |
||||||
|
repo --name=epel --mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=x86_64 |
||||||
|
|
||||||
|
%include /tmp/ks.partitions |
||||||
|
|
||||||
|
user --name=ansible --shell /bin/bash --gecos="Ansible Account" |
||||||
|
|
||||||
|
reboot |
||||||
|
|
||||||
|
%packages --nobase --ignoremissing |
||||||
|
epel-release |
||||||
|
crontabs |
||||||
|
dhclient |
||||||
|
irqbalance |
||||||
|
ntp |
||||||
|
openssh-server |
||||||
|
passwd |
||||||
|
prelink |
||||||
|
rootfiles |
||||||
|
selinux-policy-targeted |
||||||
|
tmpwatch |
||||||
|
yum |
||||||
|
mailx |
||||||
|
net-tools |
||||||
|
openssh-clients |
||||||
|
rsync |
||||||
|
screen |
||||||
|
sudo |
||||||
|
sysstat |
||||||
|
vim |
||||||
|
strace |
||||||
|
pbzip2 |
||||||
|
xz |
||||||
|
pxz |
||||||
|
iftop |
||||||
|
wget |
||||||
|
tcpdump |
||||||
|
pciutils |
||||||
|
nc |
||||||
|
lsof |
||||||
|
htop |
||||||
|
-iprutil |
||||||
|
-kernel-tools |
||||||
|
-kexec-tools |
||||||
|
-microcode_ctl |
||||||
|
-parted |
||||||
|
-NetworkManager |
||||||
|
-NetworkManager-tui |
||||||
|
-*-firmware |
||||||
|
-b43-openfwwf |
||||||
|
|
||||||
|
%end |
||||||
|
|
||||||
|
# Disable kdump |
||||||
|
%addon com_redhat_kdump --disable --reserve-mb='auto' |
||||||
|
|
||||||
|
%end |
||||||
|
|
||||||
|
################################################ |
||||||
|
# Detect hard drives before starting the install |
||||||
|
################################################ |
||||||
|
%pre --log /tmp/pre.log |
||||||
|
|
||||||
|
# ensure file exists |
||||||
|
touch /tmp/ks.partitions |
||||||
|
|
||||||
|
# Select first drive |
||||||
|
main_drive=$(list-harddrives | awk '$2>=8704 {print $1; nextfile}') |
||||||
|
ignore=$(echo $(list-harddrives | awk '$1!="'$main_drive'" {print $1}') | sed -e 's| |,|g') |
||||||
|
[ ! -z "$ignore" ] && echo "ignoredisk --drives $ignore" >> /tmp/ks.partitions |
||||||
|
cat << _EOF >> /tmp/ks.partitions |
||||||
|
clearpart --all --initlabel --drives $main_drive |
||||||
|
part /boot --fstype xfs --size 1024 --ondrive $main_drive |
||||||
|
part swap --fstype swap --size 512 |
||||||
|
part / --fstype xfs --size 7168 --grow |
||||||
|
_EOF |
||||||
|
|
||||||
|
%end |
||||||
|
|
||||||
|
################################################ |
||||||
|
# Copy logs in the chroot |
||||||
|
################################################ |
||||||
|
%post --nochroot |
||||||
|
cp /tmp/pre.log /mnt/sysimage/root/pre.log |
||||||
|
%end |
||||||
|
|
||||||
|
################################################ |
||||||
|
# Post-install processes |
||||||
|
################################################ |
||||||
|
%post --log /root/post.log |
||||||
|
|
||||||
|
# Initial SSH keys |
||||||
|
mkdir /home/ansible/.ssh |
||||||
|
cat << _EOF >> /home/ansible/.ssh/authorized_keys |
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCj9d6jDy0m7xtqGfR0ywyXnq0lRfqqP0TzBhvCI4rcrJaDSLyA5/mnme0TLfy6YsOUZq2bl/9ZMr4mq4Yw23CGDDha4XR2SUWuKzzkCvvGvDwy0qXUhwsT2tafknCPFDv91bAL5DvWae/Bv/jwhVc/116ICYJOBnxljkD2M6xbnJE92uCkgzSvthuWwBZsT5Oh/ofxHWhpcRISZeWZ70l1/U6jr7nJeBDX8p+uLKpBb+VNywtTmgnFbrS1HSc9MWkWNV7GrrZgXS5DumdKm5uX7IkSKsPNWtKHdC4M7OskqIjK9Fdp1mvI2fOaeJ4/20u45ojaltKy+4Xu7XxqZR3/FCugrlBujyXPRQZQUiYBAqjaWL6KRNxXEBNB8Om2n8+rRv4jKZ6VVbXi+8yJ5Iqp8HWlUNAUfOzBT3O5cV1UUAEke5INJnmiuojsHk9MhWoqwQ71FmcvYTpAAPtT+SdmF2nK1jrC7Nea4ODdFksN799zg4Kfyb8Vuv/F+nL/5wKwmwI5B5NmoCtrt4ZY8PMn/J/tT4cjkSjhQZjbN4KcCFSjf5vKPE70/iUQWB3C9dqz0+bmqx0Q+zTMHkEGHIgVE/jl02CvoXPnCoEd8rVG08Koqh4TDLnr6trEHueKE3FCXK1b3pIjpbzQ6Ytg4Pq4NkbMMOQAlYN0AR7i+rvngQ== ansible@firewall-services.com |
||||||
|
_EOF |
||||||
|
chmod 700 /home/ansible/.ssh |
||||||
|
chown -R ansible:ansible /home/ansible/.ssh |
||||||
|
|
||||||
|
# Sudo access for ansible |
||||||
|
cat << _EOF > /etc/sudoers.d/ansible |
||||||
|
Defaults:ansible !requiretty |
||||||
|
ansible ALL=(ALL) NOPASSWD: ALL |
||||||
|
_EOF |
||||||
|
|
||||||
|
%end |
Loading…
Reference in new issue