- # Kickstart command section: unattended CentOS 7 network install onto the single
- # disk sdy, with an EFI System Partition and separate /var, /var/log,
- # /var/log/audit and /tmp filesystems.
- # System authorization information
- auth --enableshadow --passalgo=sha512
- # Use network installation
- # NOTE(review): the install tree is fetched over plain HTTP, so package integrity
- # rests on RPM GPG signature checking - confirm gpgcheck is enforced, or point
- # this at an HTTPS mirror if one is available.
- url --url="http://linuxsoft.cern.ch/cern/centos/7/os/x86_64/"
- # Use graphical install
- #graphical
- # Run the Setup Agent on first boot
- firstboot --enable
- # Restrict the installer to sdy; every other disk is left untouched.
- # NOTE(review): sdX names are assigned at boot and are not guaranteed stable -
- # confirm sdy is the intended disk before combining this with clearpart --all.
- ignoredisk --only-use=sdy
- # Keyboard layouts
- keyboard --vckeymap=us --xlayouts='us'
- # System language
- lang en_US.UTF-8
- # Network information
- network --bootproto=dhcp --device=ens34 --ipv6=auto --activate
- # Root password
- # NOTE(review): ":):|:(" is not a crypt(3) hash - presumably the author's
- # redaction. The real file carries a SHA-512 crypt hash, which can be attacked
- # offline by anyone who can read the kickstart, so restrict access to wherever
- # it is served from (the sample boot line later in this file uses ks=http://).
- rootpw --iscrypted :):|:(
- # System timezone
- # --isUtc is given twice below; the repeat is redundant.
- timezone Europe/Zurich --isUtc --isUtc --ntpservers=myntp01,myntp02
- #text
- #skipx
- # Partition clearing information
- # Destructive: removes every partition on sdy and writes a fresh disk label.
- clearpart --all --initlabel --drives=sdy
- #%include /tmp/ks-partition.cfg
- # Disk partitioning information
- part /boot/efi --fstype=efi --grow --maxsize=200 --size=20 # <-------- BIG NEWS !!!
- #
- # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-disk-partitioning-setup-x86.html#sect-bootloader-x86
- # UEFI systems
- # Only GPT is allowed on UEFI systems. In order to install on a formatted disk with a MBR, you must first reformat it.
- # You need to create an EFI System Partition (/boot/efi), regardless of the partitioning scheme. The /boot/efi partition should be at least 50 MB in size; its recommended size is 200 MB.
- #
- part / --fstype="xfs" --ondisk=sdy --size=9536 --label=/
- part /boot --fstype="xfs" --ondisk=sdy --size=1200 --label=/boot
- part swap --fstype="swap" --ondisk=sdy --size=10000
- # /var, /var/log and /var/log/audit each get their own filesystem, so log or
- # audit growth fills its own partition rather than /.
- part /var --fstype="xfs" --ondisk=sdy --size=20000 --label=/var
- part /var/log --fstype="xfs" --ondisk=sdy --size=25000 --label=/var/log
- part /var/log/audit --fstype="xfs" --ondisk=sdy --size=2000 --label=/var/log/audit
- # AFS cache: mounted nodev, and grows to take the remaining space on sdy.
- part /usr/vice/cache --fstype="xfs" --fsoptions="nodev,async,noatime" --size=10000 --ondisk=sdy --grow --label=/usr/vice/cache
- # /tmp is mounted nodev,nosuid,noexec: no device nodes, no setuid binaries and
- # no direct execution from the world-writable directory.
- part /tmp --label=/tmp --fstype="xfs" --size=10000 --fsoptions="nodev,async,nosuid,noexec" --ondisk=sdy
- # NOTE(review): no boot loader password is set here (bootloader accepts
- # --iscrypted --password=); without one, anyone at the console can edit boot
- # entries. Confirm whether that is acceptable for these hosts.
- bootloader --location=mbr # On a GPT-formatted disk, this option installs stage 1.5 of the boot loader into the BIOS boot partition.
- reboot
- %packages --ignoremissing
- # Package selection: groups (@...) and individual packages to install, followed
- # by a list of packages excluded with a leading "-".
- # NOTE(review): --ignoremissing lets the install continue when a listed package
- # or group is not found. That also covers the security-relevant entries below
- # (ossec-hids-client, sssd-*, krb5-workstation, nss-pam-ldapd), and no "repo"
- # command is visible in this file to add a source beyond the install tree -
- # verify after installation (rpm -q) that they were actually installed.
- @core
- @system-admin-tools
- @hardware-monitoring
- @emacs
- @network-file-system-client
- augeas-libs
- authconfig-gtk
- autogen-libopts
- bc
- createrepo
- curl
- dstat
- elinks
- git
- htop
- iftop
- kexec-tools
- krb5-workstation
- libselinux-ruby
- libyaml
- lsof
- mlocate
- net-tools
- nss-pam-ldapd
- ntp
- ntpdate
- ossec-hids-client
- pciutils
- openafs
- kmod-openafs
- openafs-client
- openafs-krb5
- openafs-authlibs
- # krb5-workstation is already listed above; the repeat is redundant.
- krb5-workstation
- puppet
- python-sssdconfig
- ruby
- ruby-irb
- ruby-libs
- rubygem-bigdecimal
- rubygem-io-console
- rubygem-json
- rubygem-psych
- rubygem-rdoc
- rubygems
- salt-minion
- sssd-client
- sssd-ldap
- sssd-proxy
- strace
- vim
- wget
- yum-plugin-priorities
- yum-plugin-ps
- # Exclusions: server packages (bind, dovecot, glusterfs, httpd, net-snmp, samba,
- # squid, vsftpd), Intel wireless firmware, and legacy clear-text or NIS
- # clients/servers (rsh, talk, telnet, tftp, xinetd, ypbind, ypserv).
- -bind
- -cern-linuxsupport-access
- -dovecot
- -glusterfs
- -httpd
- -iwl100-firmware
- -iwl1000-firmware
- -iwl105-firmware
- -iwl135-firmware
- -iwl2000-firmware
- -iwl2030-firmware
- -iwl3160-firmware
- -iwl3945-firmware
- -iwl4965-firmware
- -iwl5000-firmware
- -iwl5150-firmware
- -iwl6000-firmware
- -iwl6000g2a-firmware
- -iwl6000g2b-firmware
- -iwl6050-firmware
- -iwl7260-firmware
- -net-snmp
- -ocsinventory-agent
- -rsh
- -rsh-server
- -samba
- -squid
- -talk
- -talk-server
- -telnet
- -telnet-server
- -tftp
- -vsftpd
- -xinetd
- -ypbind
- -ypserv
- %end
- # Enable kdump and let the installer pick the crash-kernel memory reservation.
- # NOTE(review): crash dumps contain kernel memory - confirm where they are
- # written on these hosts and who can read that location.
- %addon com_redhat_kdump --enable --reserve-mb='auto'
- %end
- %pre --interpreter=/usr/bin/bash --log=/tmp/pre.log
- # Record the installer's kernel command line. Output goes to /tmp/pre.log via
- # --log; the %post sections of this file later move that log and read
- # key=value parameters out of it.
- # NOTE(review): everything on the boot line lands in this log, and the boot line
- # is set by whoever controls the boot menu/PXE entry - treat it as untrusted
- # input when it is parsed later, and keep secrets off it.
- printf '%s\n' '### Begin of %pre'
- cat /proc/cmdline
- printf '%s\n' '### End of %pre'
- %end
- %post --nochroot --interpreter=/usr/bin/bash --log=/mnt/sysimage/var/log/post_nochroot.log
- # Runs outside the chroot: carry the %pre log over into the installed system's
- # /var/log so it is still available after the installer environment is gone.
- # NOTE(review): pre.log holds the full kernel command line - confirm the file's
- # permissions on the installed system if the boot line can carry anything
- # sensitive.
- printf '%s\n' '### Begin of %post --nochroot'
- if [[ -f /tmp/pre.log ]]; then
-   mv /tmp/pre.log /mnt/sysimage/var/log/
- fi
- # Sample of the resulting file, and of pulling one key=value pair out of it:
- # cat /mnt/sysimage/var/log/pre.log
- # ### Begin of %pre
- # initrd=scientific/71/x86_64/initrd.img inst.repo=http://linuxsoft.cern.ch/cern/centos/7/os/x86_64/ inst.sshd inst.text inst.loglevel=debug inst.syslog=t3service01.psi.ch:1514
- # ks=http://linux.web.psi.ch/kickstart/configs/centos71-t3.ks BOOT_IMAGE=scientific/71/x86_64/vmlinuz a=b c=d f=hhhh
- # ### End of %pre
- # egrep -o c=[a-zA-Z]* pre.log
- # c=d
- # NOTE(review): the sample boot line uses inst.sshd, which starts an SSH server
- # inside the installer - confirm an sshpw is set or the install network is
- # trusted.
- printf '%s\n' '### End of %post --nochroot'
- %end
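- %post --interpreter=/usr/bin/bash --log=/var/log/post.log
- # Chrooted post-install script: disables EPEL, sets the AFS cell, publishes the
- # zone/role/set boot parameters as facter external facts, applies a few CIS
- # settings, then updates all packages. Output is logged to /var/log/post.log.
- echo "### Begin of %post"
- # Keep the EPEL repo file but turn off every section that is enabled in it.
- [ -f /etc/yum.repos.d/epel.repo ] && sed -i 's/^enabled=1$/enabled=0/' /etc/yum.repos.d/epel.repo
- mkdir -p /usr/vice/etc/
- echo mycell > /usr/vice/etc/ThisCell
- systemctl enable openafs-client
- # NOTE(review): inside the installer chroot, status/start are presumably
- # ignored by systemctl; only "enable" takes effect for the first boot.
- systemctl status openafs-client
- systemctl start openafs-client
- ######### T3 facts
- mkdir -p /etc/facter/facts.d
- # Quoted delimiter: the here-document is written literally, with no expansion.
- cat << 'EOF' > /etc/facter/facts.d/psi
- #!/bin/bash
- EOF
- # /var/log/pre.log was moved there by the %post --nochroot section and holds
- # the installer's kernel command line.
- # The fact file is an executable script assembled from boot-line text, so only
- # a fixed key followed by an alphanumeric value is copied into it: the value is
- # cut at the first other character, which keeps shell metacharacters out of
- # the script. Do not widen the character class without quoting the value.
- # The pattern is quoted so the shell cannot glob-expand it, anchored to the
- # start of a word so that e.g. "timezone=" is not taken for "zone=", and the
- # class includes the digit 0 so values containing it are not truncated.
- for key in zone role set; do
-   grep -Eo "(^|[[:space:]])${key}=[a-zA-Z0-9]*" /var/log/pre.log | awk '{ print "echo " $1 }'
- done >> /etc/facter/facts.d/psi
- # Executable for everyone, writable by no one.
- chmod ugo+x,ugo-w /etc/facter/facts.d/psi
- #####################
- # CIS pag 53 https://benchmarks.cisecurity.org/downloads/form/index.cfm?download=rhel7.100
- # Boot to the non-graphical target. set-default places the default.target link
- # under /etc/systemd/system instead of replacing the packaged link in
- # /usr/lib/systemd/system, which a systemd package update (such as the
- # "yum -y update" below) could put back.
- systemctl set-default multi-user.target
- systemctl enable ntpd
- systemctl restart ntpd
- # "install <module> /bin/true" makes modprobe run /bin/true in place of loading
- # the module, so these filesystems and network protocols cannot be loaded
- # through modprobe.
- cat << 'EOF' > /etc/modprobe.d/CIS.conf
- install cramfs /bin/true
- install freevxfs /bin/true
- install jffs2 /bin/true
- install hfs /bin/true
- install hfsplus /bin/true
- install squashfs /bin/true
- install udf /bin/true
- install dccp /bin/true
- install sctp /bin/true
- install rds /bin/true
- install tipc /bin/true
- EOF
- # puppet is also listed in %packages; the explicit install covers the case
- # where --ignoremissing skipped it there.
- # NOTE(review): both yum calls pull packages at install time - confirm that
- # gpgcheck is enabled for every repository configured on the host.
- yum install puppet -y
- yum -y update
- echo "### End of %post"
- %end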