
Blame CentOS-8-Stream-EC2.ks

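# CentOS Stream 8 kickstart for building an EC2 image.
# Command section: installer settings, followed by the %pre disk preparation.

# Text-mode installer.
text
# Shadow passwords, hashed with SHA-512.
auth --enableshadow --passalgo=sha512
# Power the build machine off once the installation is done.
shutdown
# firewalld is only configured for the build: %post removes the package, so
# the shipped image carries no host firewall and inbound filtering has to be
# provided outside the instance.
firewall --enabled --service=ssh
firstboot --disable
keyboard us
# System language
lang en_US.UTF-8
# Network information
network  --bootproto=dhcp --device=link --activate --onboot=on
network  --hostname=localhost.localdomain
# Root password
# The value below is a placeholder rather than a real crypt hash, so no
# password should match it. --lock also marks the account as locked at install
# time, so the lock does not rest only on the later `passwd -l root` in %post.
rootpw --lock --iscrypted thereisnopasswordanditslocked
# The image ships with SELinux enforcing.
selinux --enforcing
# kdump off; SSH, logging, time sync, the cloud-init stages and rngd on.
services --disabled="kdump" --enabled="NetworkManager,sshd,rsyslog,chronyd,cloud-init,cloud-init-local,cloud-config,cloud-final,rngd"
timezone UTC --isUtc
# Disk
# Serial console on ttyS0, classic ethN interface names (net.ifnames=0) and
# NVMe timeout/retry tuning are passed on the kernel command line.
bootloader --append="console=ttyS0,115200n8 no_timer_check crashkernel=auto net.ifnames=0 nvme_core.io_timeout=4294967295 nvme_core.max_retries=10" --location=mbr --timeout=1 --boot-drive=vda
# Destructive: wipes every partition table the installer can see. Only meant
# for a throw-away build disk.
zerombr
clearpart --all --initlabel
reqpart
part biosboot --fstype=biosboot --size=1 --ondisk vda
part / --fstype="xfs" --ondisk=vda --size=7950

%pre --erroronfail
# Write a fresh GPT label to the build disk before partitioning starts.
/usr/sbin/parted -s /dev/vda mklabel gpt
%end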
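%post --erroronfail
# Post-install customisation of the image.
# NOTE: --erroronfail only looks at the exit status of this script. There is
# no `set -e`, so a failing command does not stop the build unless it is
# checked explicitly (as the root-lock and sudoers steps below are), and the
# closing `true` hides the status of the last command.

# Root gets no usable password: clear it, then lock the account. Clearing on
# its own would leave an empty password, so abort the build if either step
# fails.
passwd -d root || exit 1
passwd -l root || exit 1

# pvgrub support
echo -n "Creating grub.conf for pvgrub"
rootuuid=$( awk '$2=="/" { print $1 };'  /etc/fstab )
# -p: do not fail when the directory already exists.
mkdir -p /boot/grub
echo -e 'default=0\ntimeout=0\n\n' > /boot/grub/grub.conf
# One menu entry per installed kernel, in version order (ls -1v), skipping the
# rescue kernel. The sed script is quoted so the shell cannot glob-expand it.
for kv in $( ls -1v /boot/vmlinuz* | grep -v rescue | sed 's/.*vmlinuz-//' ); do
  echo "title CentOS Stream 8 ($kv)" >> /boot/grub/grub.conf
  echo -e "\troot (hd0)" >> /boot/grub/grub.conf
  echo -e "\tkernel /boot/vmlinuz-$kv ro root=$rootuuid console=hvc0 LANG=en_US.UTF-8" >> /boot/grub/grub.conf
  echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf
  echo
done
ln -sf grub.conf /boot/grub/menu.lst
ln -sf /boot/grub/grub.conf /etc/grub.conf

# setup systemd to boot to the right runlevel
rm -f /etc/systemd/system/default.target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
echo .

dnf -C -y remove linux-firmware

# Remove firewalld; it is required to be present for install/image building,
# but we don't ship it in cloud. The resulting image therefore has no host
# firewall of its own.
dnf -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
dnf -C -y remove avahi\*
# Add NAutoVTs=0 after the commented-out default in logind.conf.
sed -i '/^#NAutoVTs=.*/ a\
NAutoVTs=0' /etc/systemd/logind.conf

cat > /etc/sysconfig/network << EOF
NETWORKING=yes
NOZEROCONF=yes
EOF

# For cloud images, 'eth0' _is_ the predictable device name, since
# we don't want to be tied to specific virtual (!) hardware
rm -f /etc/udev/rules.d/70*
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules

# simple eth0 config, again not hard-coded to the build hardware
# NOTE(review): USERCTL="yes" lets non-root users control this interface;
# confirm that is wanted in the shipped image.
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF

echo "virtual-guest" > /etc/tuned/active_profile

# generic localhost names
cat > /etc/hosts << EOF
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

EOF
echo .

systemctl mask tmp.mount

cat <<EOL > /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes

# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel
EOL

# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot

# centos cloud user
# This grants the centos account password-less sudo for every command, so
# anyone who can log in as centos is effectively root; its login keys need
# the same care as root's.
echo -e 'centos\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
# A sudoers file that does not parse disables sudo altogether; fail the build
# rather than ship one.
visudo -cf /etc/sudoers || exit 1
sed -i 's/name: cloud-user/name: centos/g' /etc/cloud/cloud.cfg

dnf clean all

# XXX instance type markers - MUST match CentOS Infra expectation
echo 'ec2' > /etc/yum/vars/infra

# change dhcp client retry/timeouts to resolve #6866
cat  >> /etc/dhcp/dhclient.conf << EOF

timeout 300;
retry 60;
EOF


# Drop build-time artefacts (package-manager state, installer logs and the
# saved kickstart) so they do not ship inside the image.
rm -rf /var/log/yum.log
rm -rf /var/lib/yum/*
rm -rf /root/install.log
rm -rf /root/install.log.syslog
rm -rf /root/anaconda-ks.cfg
rm -rf /var/log/anaconda*

# Remove the saved random seed so instances started from this image do not
# all begin from the same one.
rm -f /var/lib/systemd/random-seed

# Empty the machine-id for the same reason: the build machine's ID must not be
# shared by every instance.
cat /dev/null > /etc/machine-id

echo "Fixing SELinux contexts."
touch /var/log/cron
touch /var/log/boot.log
mkdir -p /var/cache/yum
# Restore SELinux labels on package-owned files after the edits above; the
# result is not checked, so a failure here does not stop the build.
/usr/sbin/fixfiles -R -a restore

# remove these for ec2 debugging
sed -i -e 's/ rhgb quiet//' /boot/grub/grub.conf

cat > /etc/modprobe.d/blacklist-nouveau.conf << EOL
blacklist nouveau
EOL

# enable resizing on copied AMIs
echo 'install_items+=" sgdisk "' > /etc/dracut.conf.d/sgdisk.conf

echo 'add_drivers+="xen-netfront xen-blkfront "' > /etc/dracut.conf.d/xen.conf
# Rerun dracut for the installed kernel (not the running kernel):
# rpm prints one line per installed kernel package, so rebuild the initramfs
# for each instead of passing a multi-line value to dracut.
for KERNEL_VERSION in $(rpm -q kernel --qf '%{V}-%{R}.%{arch}\n'); do
  dracut -f "/boot/initramfs-${KERNEL_VERSION}.img" "${KERNEL_VERSION}"
done

# reorder console entries
sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg

# Report success whatever the sed above returned.
true

%end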
%packages
# Package set for the image: installed packages first, grouped by purpose,
# then the exclusions (lines starting with '-').

# Base system and release
@core
centos-release
kernel
grub2
dracut-config-generic
dracut-norescue

# Package management
dnf
dnf-utils
yum
yum-utils

# Cloud and guest integration
cloud-init
cloud-utils-growpart
python3-jsonschema
qemu-guest-agent

# Networking, time and entropy
NetworkManager
dhcp-client
chrony
rng-tools

# Needed while the image is built; %post removes it again.
firewalld

# Utilities
nfs-utils
rsync
tar

# NOTE(review): the Cockpit web console packages are installed although the
# services line of this file enables no cockpit unit; confirm they are wanted
# in a cloud image.
cockpit-ws
cockpit-system

# Firmware that is left out of the image
-aic94xx-firmware
-alsa-firmware
-alsa-tools-firmware
-ivtv-firmware
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-libertas-usb8388-firmware

# Other packages that are left out
-alsa-lib
-biosdevname
-iprutils
-plymouth
-langpacks-*
-langpacks-en
%end