-
Notifications
You must be signed in to change notification settings - Fork 63
/
ks.cfg
199 lines (157 loc) · 5.11 KB
/
ks.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
#version=RHEL7
# Install OS instead of upgrade
install
# Install from an installation tree on a remote server
# Required when using a minimal ISO
url --url=http://mirror.centos.org/centos/$releasever/os/$basearch/
text
poweroff
# System keyboard
keyboard us
# System language
lang en_US.UTF-8
# Setup network interfaces via DHCP
network --device=eth0 --bootproto=dhcp --onboot=yes --activate
# Set repo to mirror.centos.org
repo --name="CentOS" --baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ --cost=100
repo --name="Updates" --baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/ --cost=100
#set root pw here (required by KS), remove pw in post
rootpw temp
firewall --enabled --service=ssh
authconfig --enableshadow --passalgo=sha512
firstboot --disabled
# SELinux configuration
# By default, selinux is enforcing
#selinux --enforcing
selinux --permissive
# Services
services --enabled=ntpd,ntpdate
# Installation logging level
logging --level=debug
# System timezone
timezone Etc/UTC
# System bootloader configuration
bootloader --location=mbr --driveorder=vda --append="tsc=reliable divider=10 plymouth.enable=0 console=ttyS0"
# Clear the Master Boot Record
zerombr
# Automatically create partitions, no LVM
autopart --nolvm
# Partition clearing information
clearpart --all --initlabel
%packages
@core --nodefaults
acpid
iputils
man
net-tools
ntp
ntpdate
parted
vim-enhanced
wget
# Exclude packages that are not needed in a VM image
-aic94xx-firmware
-alsa-*
-btrfs-progs*
-centos-logos
-dracut-config-rescue
-dracut-network
-microcode_ctl
-NetworkManager*
-ivtv-firmware
-iwl*firmware
-plymouth*
%end
%post --nochroot --log=/mnt/sysimage/var/log/ks.post01.log
#!/bin/bash
set -x
# Install sdc-vmtools guest tools
echo "Installing SmartOS VM Guest Tools..."
sdcvmtools="/run/install/repo/sdc-vmtools/src/linux"
sysimage="/mnt/sysimage"
cp -r ${sdcvmtools}/lib/smartdc ${sysimage}/lib/
cp -r ${sdcvmtools}/usr/sbin/mdata-* ${sysimage}/usr/sbin/
cp -r ${sdcvmtools}/usr/share/man/man1/mdata-* ${sysimage}/usr/share/man/man1/
ln -s /usr/sbin/mdata-get ${sysimage}/lib/smartdc/mdata-get
mv ${sysimage}/etc/rc.d/rc.local ${sysimage}/etc/rc.d/rc.local-backup
ln -s /lib/smartdc/joyent_rc.local ${sysimage}/etc/rc.d/rc.local
chmod 755 ${sysimage}/etc/rc.d/rc.local
echo "SmartOS VM Guest Tools installed"
%end
%post --log=/var/log/ks.post02.log
#!/bin/bash
set -x
# Remove root password
echo "Removing root password"
passwd -d root
## Build date used for motd and product file
BUILDDATE=$(date +%Y%m%d)
NAME="CentOS 7.4"
DOCS="https://docs.joyent.com/images/linux/centos"
# Create MOTD
echo "Creating /etc/motd"
mv /etc/motd /etc/motd-backup
cat << MOTD > /etc/motd
__ . .
_| |_ | .-. . . .-. :--. |-
|_ _| ;| || |(.-' | | |
|__| \`--' \`-' \`;-| \`-' ' ' \`-'
/ ; Instance ($NAME $BUILDDATE)
\`-' $DOCS
MOTD
# MOTD symlinks
echo "Creating /etc/motd symlinks"
ln -sf /etc/motd /etc/issue
ln -sf /etc/motd /etc/issue.net
# Create product file
echo "Creating /etc/product file"
cat << PRODUCT > /etc/product
Name: Joyent Instance
Image: $NAME $BUILDDATE
Documentation: $DOCS
Description: $NAME 64-bit image with just essential packages installed. Ideal for users who are comfortable with setting up their own environment and tools.
PRODUCT
# Make sure we have the latest security updates
echo "Updating packages"
/usr/bin/yum clean all
/usr/bin/yum update -y
# Install Node.js and json via EPEL
/usr/bin/yum install -y epel-release
/usr/bin/yum install -y nodejs
/usr/bin/npm install -g json
# Clean up all yum caches
echo "Cleaning up yum caches"
/usr/bin/yum clean all
# Clean up network devices
echo "Cleaning up network devices"
/bin/rm -f /etc/udev/rules.d/70-persistent-net.rules
/bin/rm -rf /etc/sysconfig/network-scripts/ifcfg-*
/bin/find /var/lib/dhclient -type f -exec rm -f '{}' +
# Remove hostname
echo "Clearing out /etc/hostname"
cat /dev/null > /etc/hostname
# Tune Linux vm.dirty_background_bytes (IMAGE-439)
# The following tuning causes dirty data to begin to be background flushed at
# 100 Mbytes, so that it writes earlier and more often to avoid a large build
# up and improving overall throughput.
echo "Setting vm.dirty_background_bytes"
echo "vm.dirty_background_bytes=100000000" >> /etc/sysctl.conf
# Disable password auth. SSH logon is via ssh key only. A password is being set
# for root via the image manifest per IMAGE-459.
echo "Disabling password auth in sshd_config"
sed s/PasswordAuthentication\ yes/PasswordAuthentication\ no/ -i /etc/ssh/sshd_config
# Disable kdump
echo "Disabling kdump"
systemctl disable kdump.service
# Ensure we have sane and consistent defaults for ntp.conf
sed s/restrict\ default\ nomodify\ notrap\ nopeer\ noquery/restrict\ default\ kod\ nomodify\ notrap\ nopeer\ noquery/ -i /etc/ntp.conf
# For IPv6
echo "restrict -6 default kod nomodify notrap nopeer noquery" >> /etc/ntp.conf
sed s/restrict\ ::1/restrict\ -6\ ::1/ -i /etc/ntp.conf
# Clean up files
echo "Ceaning up build files"
/bin/rm -rf /root/anaconda-ks.cfg
/bin/rm -rf /tmp/.npm/
/bin/rm -rf /tmp/ks-script*
/bin/rm -rf /var/log/anaconda
%end