@RickyCook
Last active July 30, 2016 06:31
# Unattended CentOS 7 install. The "packer" credentials below suggest this builds
# a Packer image template -- TODO confirm against the Packer config (not shown).
install
text
skipx
unsupported_hardware
lang en_AU.UTF-8
timezone Australia/Melbourne
keyboard us
network --bootproto=dhcp
# NOTE(review): the install tree and the base and elrepo-kernel repos are fetched
# over plain HTTP; only puppetlabs-pc1 uses HTTPS. Confirm that package signatures
# are verified for these repos during installation, otherwise tampering on the
# network path would go unnoticed in the resulting image.
url --url=http://mirror.centos.org/centos/7/os/$basearch/
repo --install --name=base --baseurl=http://mirror.centos.org/centos/7/os/$basearch/
repo --install --name=elrepo-kernel --baseurl=http://elrepo.org/linux/kernel/el7/$basearch/
repo --install --name=puppetlabs-pc1 --baseurl=https://yum.puppetlabs.com/el/7/PC1/$basearch/
# Root password is the clear-text string "packer" (no --iscrypted).
# NOTE(review): nothing in this file rotates or locks it afterwards; do that in a
# later build step before the image leaves the build environment.
rootpw packer
# Shadow passwords, hashed with SHA-512.
auth --enableshadow --passalgo=sha512 --kickstart
firstboot --disabled
eula --agreed
# NOTE(review): host firewall is off while sshd is enabled (see `services`) and
# both root and packer have a known password -- relies entirely on network-level
# controls around instances built from this file.
firewall --disabled
selinux --enforcing
bootloader --location=mbr
# Destructive: initialises invalid partition tables and removes every existing
# partition before laying out btrfs root (grown to fill) and a 500 MiB xfs /boot.
zerombr
clearpart --all --initlabel
part btrfs.root --grow
btrfs / --label=root btrfs.root
part /boot --fstype="xfs" --size=500
services --enabled=NetworkManager,sshd
reboot
# Build account with the clear-text password "packer", member of wheel; %post
# additionally grants it passwordless sudo via /etc/sudoers.d/packer.
user --name=packer --plaintext --password packer --groups=packer,wheel
# Package selection.
# --ignoremissing: a name that no configured repo provides is skipped instead of
# failing the install, so a repo outage or typo yields an image silently lacking
# that package -- verify the built image actually contains the ones below.
# --excludedocs: skip documentation files to keep the image small.
%packages --ignoremissing --excludedocs
@Core
# Mainline kernel; presumably from the elrepo-kernel repo declared above -- confirm.
kernel-ml
kernel-ml-headers
kernel-ml-devel
cloud-init
dnf
git
# Puppet tooling.
# NOTE(review): the setup script written in %post calls `r10k`, which is not
# listed here -- confirm where it gets installed.
puppet
mcollective
facter
# unnecessary firmware
-alsa*
-aic*-firmware
-bfa-firmware
-ivtv-firmware
-iwl*-firmware
-libertas-*-firmware
-ql*-firmware
%end
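%post
# Post-install script, run as root inside the freshly installed system.
# NOTE(review): a failing command here does not abort the install unless the
# section is declared with --erroronfail; consider that for image builds.

# Passwordless sudo for the build account "packer".
# NOTE(review): combined with the known password set by the `user` directive this
# is unrestricted root for anyone who can log in as packer. Remove the account and
# this drop-in (or lock the password) before the image is used outside the build.
echo "packer ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/packer
# sudoers drop-ins should be read-only and not world-readable; the redirect above
# creates the file with the default umask, so set the mode explicitly.
chmod 0440 /etc/sudoers.d/packer
# Comment out any requiretty default so sudo works over non-interactive SSH.
sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
# Drop yum caches to keep the image small.
yum clean all
# Facter's external-facts directory; the `role` fact used by hiera.yaml and the
# setup script is presumably dropped here at instance boot -- confirm.
mkdir -p /etc/puppetlabs/facter/facts.d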
### HIERA EYAML PUB KEY ###
# Writes the PKCS#7 public certificate to the path that hiera.yaml names as
# :pkcs7_public_key. Only the public half is embedded in this file; the matching
# private_key.pkcs7.pem is not written anywhere here and presumably arrives at
# instance boot (e.g. via cloud-init user-data) -- confirm.
# NOTE(review): the certificate body is elided in this copy of the page, so the
# heredoc below is not usable as shown.
mkdir -p /etc/puppetlabs/puppet/secure/keys
cat <<END > /etc/puppetlabs/puppet/secure/keys/public_key.pkcs7.pem
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
END
### SSH PUB KEY FOR INFRA CHECKOUT ###
# Public half of root's checkout key. The private half is not part of this file;
# presumably it is supplied at instance boot -- confirm.
mkdir -p /root/.ssh
chmod 700 /root/.ssh
cat > /root/.ssh/id_rsa.pub <<'PUBKEY'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzHrhXfqpppdcOCGugF7E57wBcdReABaK/ZybSh6TEvzTb+btm/DoJrlWpZXHFSSg6KKnrTDl4+XEQK7JDAKAYIexCh8ylPjq8gSmzL9JtHGR0D0cH8zESbLPfFvBaZ/84YxRe35+gGEDO+r+v6WwDf4tYbTaO1LoXzymk+IEA8K2guaWcRaHmbNn2jQVV7URyfbPUtpPB18Tam2yEZLjvDTwxlTFbuRINdVrV/gd54tiDsAUtbujBds8p93iAxF6QcwTJVYJw/jiEFyToOJEasCShxsQuNjPZcbO+DjeL+I18b7JDo5QqAMwW+lGlwEDbDjX/Z9hUNhruykWc15gL
PUBKEY

### MANAGE KNOWN HOSTS ###
# Pin github.com's SSH host key so the first checkout does not depend on
# trust-on-first-use.
# NOTE(review): a pinned entry is only as good as its freshness. GitHub replaced
# its RSA host key in March 2023, so check this line (and the hard-coded IP)
# against GitHub's currently published SSH key fingerprints before reusing it.
cat > /root/.ssh/known_hosts <<'KNOWN_HOSTS'
github.com,192.30.253.113 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
KNOWN_HOSTS
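### PUPPET CONFIGS ###
# r10k source definition: deploy environments from the infrastructure repo into
# /etc/puppetlabs/code/environments.
# The target directory must exist before the redirect below can create the file;
# the original only ran this mkdir further down in %post.
mkdir -p /etc/puppetlabs/r10k
# The delimiter is quoted so the content is written literally. The nesting under
# sources -> main is restored here; the page showed the YAML with its indentation
# flattened, which is not a usable r10k configuration.
# NOTE(review): the page's e-mail obfuscation masked the remote's user@host as
# "[email protected]"; git@github.com is reconstructed from the github.com
# known_hosts entry written earlier in %post -- confirm before use.
cat <<'END' > /etc/puppetlabs/r10k/r10k.conf
sources:
  main:
    remote: git+ssh://git@github.com/sprucedev/infrastructure.git
    basedir: /etc/puppetlabs/code/environments
END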
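# Hiera configuration: eyaml is consulted before plain yaml, walking the
# role / landscape / location / default hierarchy, with both backends reading
# from the current environment's directory.
# The per-backend settings are nested under :yaml: and :eyaml: again; the page
# showed them flattened to top level, which leaves both backends unconfigured.
# The delimiter is quoted so nothing in the body is expanded by the shell.
# NOTE(review): :pkcs7_private_key points at a file this kickstart never writes;
# whatever delivers it should create it readable by root only.
cat <<'END' > /etc/puppetlabs/puppet/hiera.yaml
:backends:
  - eyaml
  - yaml
:hierarchy:
  - roles/%{::role}
  - landscape/%{::landscape}
  - location/%{::location}
  - default
:yaml:
  :datadir: /etc/puppetlabs/code/environments/%{::environment}
:eyaml:
  :extension: yaml
  :datadir: /etc/puppetlabs/code/environments/%{::environment}
  :pkcs7_private_key: /etc/puppetlabs/puppet/secure/keys/private_key.pkcs7.pem
  :pkcs7_public_key: /etc/puppetlabs/puppet/secure/keys/public_key.pkcs7.pem
END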
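### INFRA SETUP SCRIPT ###
# NOTE(review): r10k.conf is written earlier in %post, so that step needs this
# directory to exist before it runs; this mkdir comes too late to help it.
mkdir -p /etc/puppetlabs/r10k
# Generates the boot-time script that deploys the "master" environment with r10k
# and then applies the node's role class.
# The delimiter is quoted so ${role} lands in the script verbatim. With a bare END
# the installer's shell expands it while %post runs, where no such variable is
# set, and the generated script would contain 'include "role::"'. At run time the
# single quotes hand ${role} to Puppet, which presumably resolves it from the
# `role` fact -- confirm.
# NOTE(review): puppet's --test turns on detailed exit codes, so a run that
# applied changes exits 2; as the last command that becomes the service's exit
# status -- confirm the systemd unit treats it as success.
cat <<'END' > /usr/local/bin/spruce-infra-setup.sh
#!/bin/bash
r10k deploy environment -p master
puppet apply --test --execute 'include "role::${role}"'
END
chmod +x /usr/local/bin/spruce-infra-setup.sh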
### INFRA CLEANUP SCRIPT ###
# Generates the script that removes secrets once provisioning is done: the eyaml
# key directory, root's id_rsa* files and the cloud-init config/user-data copies.
# NOTE(review): rm only unlinks the files, so copies may survive in btrfs
# snapshots or unallocated blocks; treat the keys as exposed to anyone with disk
# access and scope/rotate them accordingly. The script also leaves the packer
# account and its sudoers drop-in in place.
printf '%s\n' \
  '#!/bin/bash' \
  'rm -rf /etc/puppetlabs/puppet/secure' \
  'rm -f /root/.ssh/id_rsa*' \
  'rm -f /var/lib/cloud/instance/{cloud-config.txt,user-data.txt*}' \
  > /usr/local/bin/spruce-infra-cleanup.sh
chmod +x /usr/local/bin/spruce-infra-cleanup.sh
### SYSTEMD INFRA SETUP ###
# One-shot unit that runs the setup script after cloud-init's final stage, with
# output sent to both the journal and the console.
# NOTE(review): console output can end up in hypervisor/cloud console logs;
# check that the Puppet run prints no secrets there.
cat > /etc/systemd/system/spruce-infra-setup.service <<'UNIT'
[Unit]
Description=Checkout infra repo and run Puppet
After=cloud-final.service
Requires=cloud-final.service
[Service]
Type=oneshot
ExecStart=/usr/local/bin/spruce-infra-setup.sh
StandardOutput=journal+console
[Install]
WantedBy=multi-user.target
UNIT
### SYSTEMD INFRA CLEANUP ###
# One-shot unit that runs the key-purging script, ordered after the setup unit.
# NOTE(review): because of Requires= plus After=, systemd will not start this
# unit when spruce-infra-setup.service fails, so a failed (or non-zero-exiting)
# setup run leaves the private keys on disk. If the purge must always happen,
# consider a weaker dependency or an explicit failure path -- confirm intent.
cat > /etc/systemd/system/spruce-infra-cleanup.service <<'UNIT'
[Unit]
Description=Purge private keys from disk
After=spruce-infra-setup.service
Requires=spruce-infra-setup.service
[Service]
Type=oneshot
ExecStart=/usr/local/bin/spruce-infra-cleanup.sh
StandardOutput=journal+console
[Install]
WantedBy=multi-user.target
UNIT
### ENABLE INFRA SCRIPTS ###
# Enable both units, setup first, so they are pulled in by multi-user.target.
for infra_unit in spruce-infra-setup.service spruce-infra-cleanup.service; do
  systemctl enable "$infra_unit"
done
%end