You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
121 lines
3.3 KiB
121 lines
3.3 KiB
auth --enableshadow --passalgo=sha512
|
|
url --url="http://mirror.centos.org/centos/8/os/x86_64"
|
|
cmdline
|
|
skipx
|
|
timezone Europe/Paris --isUtc
|
|
keyboard --vckeymap=fr-oss --xlayouts='fr (oss)'
|
|
lang fr_FR.UTF-8
|
|
services --enabled ntpd
|
|
firewall --enabled --service ssh
|
|
network --bootproto=dhcp --activate --noipv6
|
|
rootpw --iscrypted $6$6OYBD0R8xuGsqAUl$KVHVrjCM6VmLR13TW0exHAl4toKHxQTd9zwbuYzR/t79heCMrAcVmtBmw0wCcNu5zoz1y3LzwdIZjNedRlz7Y/
|
|
zerombr
|
|
bootloader --location mbr --append 'ipv6.disable=1'
|
|
# Enable fws and epel
|
|
# FWS not available yet
|
|
# repo --name=fws --baseurl=http://repo.firewall-services.com/centos/7
|
|
repo --name=epel --mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=x86_64
|
|
|
|
%include /tmp/ks.partitions
|
|
|
|
user --name=ansible --shell /bin/bash --gecos="Ansible Account"
|
|
|
|
reboot
|
|
|
|
%packages --nobase --ignoremissing
|
|
epel-release
|
|
crontabs
|
|
dhclient
|
|
irqbalance
|
|
ntp
|
|
openssh-server
|
|
passwd
|
|
prelink
|
|
rootfiles
|
|
selinux-policy-targeted
|
|
tmpwatch
|
|
yum
|
|
mailx
|
|
net-tools
|
|
openssh-clients
|
|
rsync
|
|
screen
|
|
sudo
|
|
sysstat
|
|
vim
|
|
strace
|
|
pbzip2
|
|
xz
|
|
pxz
|
|
iftop
|
|
wget
|
|
tcpdump
|
|
pciutils
|
|
nc
|
|
lsof
|
|
htop
|
|
-iprutil
|
|
-kernel-tools
|
|
-kexec-tools
|
|
-microcode_ctl
|
|
-parted
|
|
-NetworkManager
|
|
-NetworkManager-tui
|
|
-*-firmware
|
|
-b43-openfwwf
|
|
|
|
%end
|
|
|
|
# Disable kdump
|
|
%addon com_redhat_kdump --disable --reserve-mb='auto'
|
|
|
|
%end
|
|
|
|
################################################
|
|
# Detect hard drives before starting the install
|
|
################################################
|
|
%pre --log /tmp/pre.log
|
|
|
|
# ensure file exists
|
|
touch /tmp/ks.partitions
|
|
|
|
# Select first drive
|
|
main_drive=$(list-harddrives | awk '$2>=8704 {print $1; nextfile}')
|
|
ignore=$(echo $(list-harddrives | awk '$1!="'$main_drive'" {print $1}') | sed -e 's| |,|g')
|
|
[ ! -z "$ignore" ] && echo "ignoredisk --drives $ignore" >> /tmp/ks.partitions
|
|
cat << _EOF >> /tmp/ks.partitions
|
|
clearpart --all --initlabel --drives $main_drive
|
|
part /boot --fstype xfs --size 1024 --ondrive $main_drive
|
|
part swap --fstype swap --size 512
|
|
part / --fstype xfs --size 7168 --grow
|
|
_EOF
|
|
|
|
%end
|
|
|
|
################################################
|
|
# Copy logs in the chroot
|
|
################################################
|
|
%post --nochroot
|
|
cp /tmp/pre.log /mnt/sysimage/root/pre.log
|
|
%end
|
|
|
|
################################################
|
|
# Post-install processes
|
|
################################################
|
|
%post --log /root/post.log
|
|
|
|
# Initial SSH keys
|
|
mkdir /home/ansible/.ssh
|
|
cat << _EOF >> /home/ansible/.ssh/authorized_keys
|
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCj9d6jDy0m7xtqGfR0ywyXnq0lRfqqP0TzBhvCI4rcrJaDSLyA5/mnme0TLfy6YsOUZq2bl/9ZMr4mq4Yw23CGDDha4XR2SUWuKzzkCvvGvDwy0qXUhwsT2tafknCPFDv91bAL5DvWae/Bv/jwhVc/116ICYJOBnxljkD2M6xbnJE92uCkgzSvthuWwBZsT5Oh/ofxHWhpcRISZeWZ70l1/U6jr7nJeBDX8p+uLKpBb+VNywtTmgnFbrS1HSc9MWkWNV7GrrZgXS5DumdKm5uX7IkSKsPNWtKHdC4M7OskqIjK9Fdp1mvI2fOaeJ4/20u45ojaltKy+4Xu7XxqZR3/FCugrlBujyXPRQZQUiYBAqjaWL6KRNxXEBNB8Om2n8+rRv4jKZ6VVbXi+8yJ5Iqp8HWlUNAUfOzBT3O5cV1UUAEke5INJnmiuojsHk9MhWoqwQ71FmcvYTpAAPtT+SdmF2nK1jrC7Nea4ODdFksN799zg4Kfyb8Vuv/F+nL/5wKwmwI5B5NmoCtrt4ZY8PMn/J/tT4cjkSjhQZjbN4KcCFSjf5vKPE70/iUQWB3C9dqz0+bmqx0Q+zTMHkEGHIgVE/jl02CvoXPnCoEd8rVG08Koqh4TDLnr6trEHueKE3FCXK1b3pIjpbzQ6Ytg4Pq4NkbMMOQAlYN0AR7i+rvngQ== ansible@firewall-services.com
|
|
_EOF
|
|
chmod 700 /home/ansible/.ssh
|
|
chown -R ansible:ansible /home/ansible/.ssh
|
|
|
|
# Sudo access for ansible
|
|
cat << _EOF > /etc/sudoers.d/ansible
|
|
Defaults:ansible !requiretty
|
|
ansible ALL=(ALL) NOPASSWD: ALL
|
|
_EOF
|
|
|
|
%end
|
|
|