Skip to content

Instantly share code, notes, and snippets.

@JosiahKerley
Last active January 2, 2018 16:44
Show Gist options
  • Save JosiahKerley/050825601b97f9012945dd5c9e953474 to your computer and use it in GitHub Desktop.
Save JosiahKerley/050825601b97f9012945dd5c9e953474 to your computer and use it in GitHub Desktop.
## Onboard SD Card is --------> /dev/disk/by-path/pci-0000:00:1d.0-usb-0:1.3.1:1.0-scsi-0:0:0:0
## Leftmost disk is ----------> /dev/disk/by-path/pci-0000:00:1f.2-ata-1.0
## Center-leftmost disk is ---> /dev/disk/by-path/pci-0000:00:1f.2-ata-1.1
## Center-rightmost disk is --> /dev/disk/by-path/pci-0000:00:1f.2-ata-2.0
## Rightmost disk is ---------> /dev/disk/by-path/pci-0000:00:1f.2-ata-2.1
auth --enableshadow --passalgo=sha512
url --url=http://mirror.centos.org/centos/7/os/x86_64/
#url --url=http://192.168.1.254:8080/CentOS-7-x86_64-Everything-1708.iso
repo --name="epel" --baseurl=http://download.fedoraproject.org/pub/epel/7/x86_64
repo --name="mariadb" --baseurl=http://yum.mariadb.org/10.1/centos7-amd64
repo --name="gluster" --baseurl=http://mirror.centos.org/centos/7/storage/x86_64/gluster-3.13
repo --name="bareos" --baseurl=http://download.bareos.org/bareos/release/latest/RHEL_7
text
firstboot --enable
keyboard --vckeymap=us --xlayouts='us'
lang en_US.UTF-8
rootpw --iscrypted $1$changeme$Gc5uJM96SM5XUZNUcieKS/
services --enabled="chronyd"
timezone America/Denver --isUtc
reboot
## Networking
network --bootproto=dhcp --device=bond0 --ipv6=auto --bondslaves=eno1,eno2 --bondopts=miimon=1,updelay=0,downdelay=0,mode=balance-rr --no-activate
network --hostname=nas.kerley.io
## Raid
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=/dev/disk/by-path/pci-0000:00:1f.2-ata-1.0
clearpart --all
part /boot --fstype="ext3" --size=512
part biosboot --fstype="biosboot" --size=2
part raid.1 --fstype="mdmember" --ondisk=/dev/disk/by-path/pci-0000:00:1f.2-ata-1.0 --size=16384 --grow
part raid.2 --fstype="mdmember" --ondisk=/dev/disk/by-path/pci-0000:00:1f.2-ata-1.1 --size=16384 --grow
part raid.3 --fstype="mdmember" --ondisk=/dev/disk/by-path/pci-0000:00:1f.2-ata-2.0 --size=16384 --grow
part raid.4 --fstype="mdmember" --ondisk=/dev/disk/by-path/pci-0000:00:1f.2-ata-2.1 --size=16384 --grow
raid pv.1 --fstype="lvmpv" --device=pv00 --level=RAID6 --chunksize=512 raid.1 raid.2 raid.3 raid.4
volgroup raid pv.1
logvol none --fstype="None" --size=16384 --thinpool --name=raidpool --vgname=raid --grow
logvol / --fstype="xfs" --size=16000 --thin --poolname=raidpool --name=root --vgname=raid
logvol /var --fstype="xfs" --percent=10 --thin --poolname=raidpool --name=var --vgname=raid
## Packages
%packages
@^minimal
@core
chrony
kexec-tools
tmux
nano
vim
iftop
htop
iotop
wget
bash
tree
python-pip
xz
aria2
parallel
ansible
nmap
iperf3
deltarpm
inotify-tools
yum-utils
MariaDB-server
MariaDB-shared
MariaDB-backup
MariaDB-compat
MariaDB-connect-engine
MariaDB-cracklib-password-check
MariaDB-devel
MariaDB-gssapi-client
MariaDB-gssapi-server
MariaDB-oqgraph-engine
MariaDB-test
xinetd
percona-xtrabackup
percona-xtrabackup-test
rsync
lsof
socat
jemalloc
MySQL-python
xfsprogs
mdadm
glusterfs-coreutils
glusterfs-geo-replication
glusterfs-resource-agents
pcs
ipmitool
pacemaker
resource-agents
fence-agents-all
pacemaker-remote
pacemaker-nagios-plugins-metadata
libvirt
libvirt-python
libguestfs-tools
libguestfs-xfs
httpd
php
php-cli
php-common
syslinux-tftpboot
syslinux
dnsmasq
p7zip
nginx
createrepo
python-crypto
libselinux-python
python-yaml
bareos-client
bareos-database-mysql
bareos-director
bareos-director-python-plugin
bareos-webui
bareos-filedaemon
bareos-storage-fifo
bareos-storage-glusterfs
bareos-storage-python-plugin
bareos-storage-tape
%end
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end
## Anaconda
%anaconda
pwpolicy root --minlen=6 --minquality=50 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=50 --notstrict --nochanges --notempty
pwpolicy luks --minlen=6 --minquality=50 --notstrict --nochanges --notempty
%end
##-->Post scripts<--##
%post
## Add password checker
cat > /etc/profile.d/passwdcheck.sh << 'BASH'
#!/bin/bash
if cat /etc/shadow | grep -E 'changeme'
then
echo 'CHANGE YOUR PASSWORD!!!'
sleep 5
echo 'run `echo YOURPASSWORDHERE|passwd --stdin`'
else
rm -f /etc/profile.d/passwdcheck.sh
fi
BASH
cat >> /etc/profile.d/disks.sh << 'BASH'
function disk-health(){
cat /var/log/smart.status
}
BASH
## Install webmin - http://www.webmin.com/rpm.html
cat > /opt/bootstrap-webmin.sh << BASH
#!/bin/bash
yum install -y perl perl-Net-SSLeay openssl perl-IO-Tty
yum install -y http://prdownloads.sourceforge.net/webadmin/webmin-1.870-1.noarch.rpm
chkconfig webmin on
service webmin start
firewall-cmd --add-port=10000/tcp --permanent
BASH
## Setup scripts
chmod +x /opt/*.sh /etc/profile.d/*
#bash /opt/*.sh
## Keys
mkdir -m 0700 /root/.ssh/
cat <<EOF >/root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ6Ubo++mO7+alt9gS4p5iOZ4n8IxvSiRxQhBCOg2/A7Lg8YrdWzGH2Y2ljApZoYSsn6EvU0++4NwEOfDUFJ+qHIO2LFMSwxC5WWTY2cbAAS01qjQ021mmKDxhrfouOF/gBfs0hAsyr7VLyxwZfi77ztD1TEYno41SAXC52AkSjZlRCUCdmg98506XQ097hj+UE/Spi24tQodrIeD/AskIoOsu/Nk1Z1JgM4Q9QL+8SRAFR/CBdii/XFg6EQUiteljfq0L2/taBG2qSz0QN6bXz3DoSMUGEWD5EBQmPrEmEoUnn6HKT0oxIHmHFA4zExI30Khm6SLRm/r9dXCcnDL7
EOF
chmod 0600 /root/.ssh/authorized_keys
restorecon -R /root/.ssh/
## Cron jobs
cat > /etc/cron.d/smart.cron << 'CRON'
@hourly root "rm -rf /var/log/smart.status; for i in `lsblk | awk '/disk/{print $1}'`; do if ! smartctl -H /dev/${i} | grep PASSED > /dev/null; then echo /dev/${i} is unhealthy > /var/log/smart.status; fi; done"
CRON
## Setup grub
sed -i 's/quiet/net.ifnames=0 console=ttyS1 quiet/g' /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg && touch /boot/.grub-setup.flag
## Update
yum update -y
package-cleanup --oldkernels --count=1
%end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment