blob: 3f3eb3e3afe8ecf74bb144f9e4986189dcc0f00a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
#version=DEVEL
# System authorization information
auth --enableshadow --passalgo=sha512
# Use CDROM installation media
#cdrom
# Use URL as install media
url --url=http://INSTALLSERVER/install/centos/7/os/x86_64/
#url --url=http://mirror.centos.org/centos/7/os/x86_64/
# Use text mode install
text
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=USEDISK
# Keyboard layouts
keyboard --vckeymap=us --xlayouts=''
# System language
lang en_US.UTF-8
# Network information
network --bootproto=static --device=eno1 --gateway=PRIGATEWAY --ip=PRIIP --netmask=PRINETMASK --nameserver=PRINAMESERVERS --ipv6=auto
network --bootproto=static --device=eno2 --onboot=off --ipv6=auto
network --bootproto=static --device=eno3 --onboot=off --ipv6=auto
network --bootproto=static --device=eno4 --onboot=off --ipv6=auto
network --bootproto=static --device=eno5 --onboot=off --ipv6=auto
network --bootproto=static --device=eno6 --onboot=off --ipv6=auto
network --bootproto=static --device=eno7 --onboot=off --ipv6=auto
network --bootproto=static --device=eno8 --ip=SECIP --netmask=SECNETMASK --nodefroute --onboot=on --ipv6=auto
network --hostname=HOSTNAME.DOMAIN
# Root password
rootpw --iscrypted $6$BDD,Ee9.cqMe3zgI$yWLZMb5cORNSJyD0oJcLWVKX.p876wjDp2hrbPH0jqK/LmZgzQ9cP5qiEGHzqGMGNSwk/HGJXPxDbTwqNbuIw1
# System services
services --enabled="chronyd"
# Do not configure the X Window System
skipx
# System timezone
timezone Europe/Copenhagen --isUtc
user --name=jac --password=$6$t3nu7Hd9pAQCpy7J$uRbZOadIBN7AeRdQwG67ac4OD5nDCK9vb2wWlR1PWwovE7ssu/MngMsViP71ITVuij84.aF6a2c5IhTcYZv.0. --iscrypted --gecos="Jon Clausen" --groups=wheel
# System bootloader configuration
bootloader --append=" crashkernel=auto elevator=deadline KRNLCMDLINE" --location=mbr --boot-drive=BOOTDEV
autopart --type=lvm
# Partition clearing information
clearpart --all --initlabel --drives=CLEARPART
# Boot the installed system automatically once the install finishes;
reboot
%packages
@core
chrony
kexec-tools
%end
%pre
# %pre
%end
%post
# %post
# disallow root login via ssh:
/bin/sed -i '' -e 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
/bin/sed -i '' -e 's/#ListenAddress 0.0.0.0/ListenAddress PRIIP/' /etc/ssh/sshd_config
/bin/sed -i '' -e 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
# Install and enable rngd, to take advantage of HWRNG
yum install -y rngd
systemctl enable rngd
systemctl start rngd
# Set up secondary interface routing:
echo -e "1024\tmi-01" >>/etc/iproute2/rt_tables
echo "default table mi-01 via SECGATEWAY" \
>/etc/sysconfig/network-scripts/route-eno8
echo "from SECGATEWAY table mi-01" >/etc/sysconfig/network-scripts/rule-eno8
# try to get access to the screen:
#exec < /dev/tty6 > /dev/tty6
#chvt 6
# backticks don't work, but $() does
CosmosHash=$(cat /proc/cmdline | sed -e 's/.*cosmoshash=//')
if [ -z ${CosmosHash} ]
then
echo "cannot get cosmos hash from cmdline, not running cosmos-bootstrap"
elif [ "${CosmosHash}" = "disabled" ]
then
echo "cosmos bootstrap disabled on kernel cmdline"
else
curl -o /tmp/cosmos-bootstrap "https://git.nordu.net/?p=ndn-iaas.git;a=blob_plain;f=bootstrap/cosmos-bootstrap;hb=HEAD"
chmod +x /tmp/cosmos-bootstrap
/tmp/cosmos-bootstrap "http://gitproxy.nordu.net/ndn-sysconf.git" ${CosmosHash} COSMOSTAG
fi
# return to the first vt
#chvt 1
%end
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
|
