parent
81e0547756
commit
2025bcb0c2
1 changed files with 121 additions and 0 deletions
@ -0,0 +1,121 @@ |
||||
auth --enableshadow --passalgo=sha512 |
||||
url --url="http://mirror.centos.org/centos/8/os/x86_64" |
||||
cmdline |
||||
skipx |
||||
timezone Europe/Paris --isUtc |
||||
keyboard --vckeymap=fr-oss --xlayouts='fr (oss)' |
||||
lang fr_FR.UTF-8 |
||||
services --enabled ntpd |
||||
firewall --enabled --service ssh |
||||
network --bootproto=dhcp --activate --noipv6 |
||||
rootpw --iscrypted $6$6OYBD0R8xuGsqAUl$KVHVrjCM6VmLR13TW0exHAl4toKHxQTd9zwbuYzR/t79heCMrAcVmtBmw0wCcNu5zoz1y3LzwdIZjNedRlz7Y/ |
||||
zerombr |
||||
bootloader --location mbr --append 'ipv6.disable=1' |
||||
# Enable fws and epel |
||||
# FWS not available yet |
||||
# repo --name=fws --baseurl=http://repo.firewall-services.com/centos/7 |
||||
repo --name=epel --mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=x86_64 |
||||
|
||||
%include /tmp/ks.partitions |
||||
|
||||
user --name=ansible --shell /bin/bash --gecos="Ansible Account" |
||||
|
||||
reboot |
||||
|
||||
%packages --nobase --ignoremissing |
||||
epel-release |
||||
crontabs |
||||
dhclient |
||||
irqbalance |
||||
ntp |
||||
openssh-server |
||||
passwd |
||||
prelink |
||||
rootfiles |
||||
selinux-policy-targeted |
||||
tmpwatch |
||||
yum |
||||
mailx |
||||
net-tools |
||||
openssh-clients |
||||
rsync |
||||
screen |
||||
sudo |
||||
sysstat |
||||
vim |
||||
strace |
||||
pbzip2 |
||||
xz |
||||
pxz |
||||
iftop |
||||
wget |
||||
tcpdump |
||||
pciutils |
||||
nc |
||||
lsof |
||||
htop |
||||
-iprutil |
||||
-kernel-tools |
||||
-kexec-tools |
||||
-microcode_ctl |
||||
-parted |
||||
-NetworkManager |
||||
-NetworkManager-tui |
||||
-*-firmware |
||||
-b43-openfwwf |
||||
|
||||
%end |
||||
|
||||
# Disable kdump |
||||
%addon com_redhat_kdump --disable --reserve-mb='auto' |
||||
|
||||
%end |
||||
|
||||
################################################ |
||||
# Detect hard drives before starting the install |
||||
################################################ |
||||
%pre --log /tmp/pre.log |
||||
|
||||
# ensure file exists |
||||
touch /tmp/ks.partitions |
||||
|
||||
# Select first drive |
||||
main_drive=$(list-harddrives | awk '$2>=8704 {print $1; nextfile}') |
||||
ignore=$(echo $(list-harddrives | awk '$1!="'$main_drive'" {print $1}') | sed -e 's| |,|g') |
||||
[ ! -z "$ignore" ] && echo "ignoredisk --drives $ignore" >> /tmp/ks.partitions |
||||
cat << _EOF >> /tmp/ks.partitions |
||||
clearpart --all --initlabel --drives $main_drive |
||||
part /boot --fstype xfs --size 1024 --ondrive $main_drive |
||||
part swap --fstype swap --size 512 |
||||
part / --fstype xfs --size 7168 --grow |
||||
_EOF |
||||
|
||||
%end |
||||
|
||||
################################################ |
||||
# Copy logs in the chroot |
||||
################################################ |
||||
%post --nochroot |
||||
cp /tmp/pre.log /mnt/sysimage/root/pre.log |
||||
%end |
||||
|
||||
################################################ |
||||
# Post-install processes |
||||
################################################ |
||||
%post --log /root/post.log |
||||
|
||||
# Initial SSH keys |
||||
mkdir /home/ansible/.ssh |
||||
cat << _EOF >> /home/ansible/.ssh/authorized_keys |
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCj9d6jDy0m7xtqGfR0ywyXnq0lRfqqP0TzBhvCI4rcrJaDSLyA5/mnme0TLfy6YsOUZq2bl/9ZMr4mq4Yw23CGDDha4XR2SUWuKzzkCvvGvDwy0qXUhwsT2tafknCPFDv91bAL5DvWae/Bv/jwhVc/116ICYJOBnxljkD2M6xbnJE92uCkgzSvthuWwBZsT5Oh/ofxHWhpcRISZeWZ70l1/U6jr7nJeBDX8p+uLKpBb+VNywtTmgnFbrS1HSc9MWkWNV7GrrZgXS5DumdKm5uX7IkSKsPNWtKHdC4M7OskqIjK9Fdp1mvI2fOaeJ4/20u45ojaltKy+4Xu7XxqZR3/FCugrlBujyXPRQZQUiYBAqjaWL6KRNxXEBNB8Om2n8+rRv4jKZ6VVbXi+8yJ5Iqp8HWlUNAUfOzBT3O5cV1UUAEke5INJnmiuojsHk9MhWoqwQ71FmcvYTpAAPtT+SdmF2nK1jrC7Nea4ODdFksN799zg4Kfyb8Vuv/F+nL/5wKwmwI5B5NmoCtrt4ZY8PMn/J/tT4cjkSjhQZjbN4KcCFSjf5vKPE70/iUQWB3C9dqz0+bmqx0Q+zTMHkEGHIgVE/jl02CvoXPnCoEd8rVG08Koqh4TDLnr6trEHueKE3FCXK1b3pIjpbzQ6Ytg4Pq4NkbMMOQAlYN0AR7i+rvngQ== ansible@firewall-services.com |
||||
_EOF |
||||
chmod 700 /home/ansible/.ssh |
||||
chown -R ansible:ansible /home/ansible/.ssh |
||||
|
||||
# Sudo access for ansible |
||||
cat << _EOF > /etc/sudoers.d/ansible |
||||
Defaults:ansible !requiretty |
||||
ansible ALL=(ALL) NOPASSWD: ALL |
||||
_EOF |
||||
|
||||
%end |
Loading…
Reference in new issue