Skip to content

Instantly share code, notes, and snippets.

@combatpoodle

combatpoodle/ks.cfg

Created October 14, 2015 20:45
Show Gist options
  • Save combatpoodle/adba8e777edbe27b098a to your computer and use it in GitHub Desktop.
Save combatpoodle/adba8e777edbe27b098a to your computer and use it in GitHub Desktop.
Download ZIP
RHEL7 kickstart
Raw
ks.cfg
# Base settings install
# Zero everything out...
zerombr
clearpart --all --initlabel
# Generic boot settings...
cdrom
lang en_US.UTF-8
keyboard 'us'
# Root password - from dd if=/dev/random bs=1k count=1 | md5sum | python -c "import crypt, getpass, sys, pwd; print crypt.crypt(sys.stdin.read(), '\$6\$saltgoeshere\$')"
# Crypting stuff is from http://unix.stackexchange.com/questions/52108/how-to-create-sha512-password-hashes-on-command-line - mileage may vary.
rootpw --iscrypted * --lock
# Network setup
network --onboot yes --device eth0 --bootproto dhcp --noipv6 --hostname=localhost.localdomain
timezone --utc UTC
# Base settings
firewall --enabled --trust eth0 --ssh
authconfig --enableshadow --passalgo=sha512
selinux --permissive
timezone --utc UTC
# Install in text mode, no X11
skipx
# Disk 1
# 256M -> /boot (NO LVM)
# Disk 2
# 40G -> /
# 4G -> /var
# 8G -> /opt
# 4G -> /home
# 1G -> /root
# Disk 2
# 20G -> /var/log
# Disk 3
# 20G -> /tmp
# Disk 4
# 256M -> /var/lib/elasticsearch (grows to max)
# 256M -> /var/lib/influxdb (grows to max)
part /boot --size=200 --grow --asprimary --ondrive=sda
part swap --size=1000 --grow --asprimary
part pv.0 --size=56000 --grow --asprimary --ondrive=sdb
part pv.1 --size=20000 --grow --asprimary --ondrive=sdc
part pv.2 --size=20000 --grow --asprimary --ondrive=sdd
part pv.3 --size=500 --grow --asprimary --ondrive=sde
volgroup vg.0 pv.0
volgroup vg.2 pv.2
volgroup vg.1 pv.1
volgroup vg.3 pv.3
logvol / --name=root --size=20000 --vgname vg.0
logvol /var --name=var --size=4000 --vgname vg.0
logvol /opt --name=opt --size=8000 --vgname vg.0
logvol /home --name=home --size=4000 --vgname vg.0
logvol /opt/ncprogs/backspools --name=backspools --size=20000 --vgname vg.0
logvol /tmp --name=tmp --size=10000 --vgname vg.2
logvol /var/spool --name=spool --size=10000 --vgname vg.2
logvol /var/log --name=varlog --size=20000 --vgname vg.1
logvol /var/lib/elasticsearch --name=elasticsearch --percent=60 --vgname vg.3
logvol /var/lib/influxdb --name=influxdb --percent=40 --vgname vg.3
# Install bootloader
bootloader --location=mbr --append="norhgb net.ifnames=0 biosdevname=0"
# Disable wonky stuff
firstboot --disabled
# Enable network and SSH
services --enabled network,sshd
# Reboot after setup
reboot
# Stuff in updates repos so we don't waste time there later...
repo --name=rhel-7-server --baseurl=http://10.1.158.119:8080/repos/rhel-7-server
repo --name=rhel-7-server-optional --baseurl=http://10.1.158.119:8080/repos/rhel-7-server-optional
repo --name=rhel-7-server-extras --baseurl=http://10.1.158.119:8080/repos/rhel-7-server-extras
# Install stuff
%packages --excludedocs --nobase
# Core group - we use all of it currently; this makes it a little easier to strip stuff out
@core
-ecryptfs-utils
rsyslog
# Tools you just need
bzip2
curl
gcc
kernel-devel
kernel-headers
make
net-tools
nfs-utils
openssh-clients
patch
perl
sudo
wget
vim
nano
telnet
# Unnecessary firmware (pulled from https://github.com/chef/bento/blob/master/http/centos-7.1)
-aic94xx-firmware
-atmel-firmware
-b43-openfwwf
-bfa-firmware
-ipw2100-firmware
-ipw2200-firmware
-ivtv-firmware
-iwl100-firmware
-iwl105-firmware
-iwl135-firmware
-iwl1000-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-libertas-usb8388-firmware
-libertas-sd8686-firmware
-libertas-sd8787-firmware
-ql2100-firmware
-ql2200-firmware
-ql23xx-firmware
-ql2400-firmware
-ql2500-firmware
-rt61pci-firmware
-rt73usb-firmware
-xorg-x11-drv-ati-firmware
-zd1211-firmware
-fprintd-pam
-intltool
# Make sure Virtualbox Guest Extensions can build
kernel-devel
kernel-headers
zlib-devel
openssl-devel
readline-devel
sqlite-devel
perl
gcc
ruby
# Stuff for Puppet
libselinux-ruby
libX11
libXau
libXdmcp
tk
augeas-libs
# Base packages
gcc
gdb
git
iotop
postfix
python
python-libs
python-setuptools
rpm-build
screen
strace
# VMware tools (part 1 - part 2 comes from http://partnerweb.vmware.com/GOSIG/RHEL_7.html#Tools in virtualbox.sh)
open-vm-tools
%end
%post
# The request above to skip bluez-utils, dogtail, and systemtap is ignored due to something tweaky. So we compensate back to normal here. :/
yum -y erase gtk2 hicolor-icon-theme avahi freetype bitstream-vera-fonts gnome gnome-python2 libXt libXfixes libXxf86misc libXres libXft libXrender libXmu libXi libXcursor libXTrap libXxf86vm libXfontcache libXevie libXpm xorg-x11-server-Xvfb libXfont libXext libXrandr libXinerama libXtst libXaw gnome-mime-data
# Add Vagrant user and group. 501/20 matches the default user on OS X (in case you're thinking of using NFS in that context)
/usr/sbin/groupadd -g 501 vagrant
/usr/sbin/useradd -u 501 -g 501 -m vagrant
echo "vagrant"|passwd --stdin vagrant
echo 'Defaults:vagrant !requiretty' >> /etc/sudoers.d/vagrant
echo '%vagrant ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/vagrant
mkdir /home/vagrant/.ssh
cat <<THE_END > /home/vagrant/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
THE_END
chown vagrant:vagrant -R /home/vagrant/.ssh
chmod 700 /home/vagrant/.ssh
chmod 600 /home/vagrant/.ssh/authorized_keys
chcon -R unconfined_u:object_r:user_home_t:s0 /home/vagrant/.ssh
# Disable 'consistent network device naming' and make things act more or less reasonable in a VM-oriented context.
echo > /etc/udev/rules.d/70-persistent-net.rules
echo > /etc/udev/rules.d/75-persistent-net-generator.rules
sed -i'' -e '/UUID=/d' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i'' -e '/HWADDR=/d' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i'' -e '/DHCP_HOSTNAME=/d' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i'' -e 's/NM_CONTROLLED=.*/NM_CONTROLLED="no"/' /etc/sysconfig/network-scripts/ifcfg-eth0
# Disable rhnsd so we don't get automatic updates - needs discussion with The Operators. This is aimed at immutable stuff. YMMV.
service rhnsd stop || echo "ignore"
chkconfig rhnsd off
%end
Raw
packer-rhel7.1.json
{
"variables": {
"ip_address": "IP_ADDRESS",
"netmask": "255.255.255.0",
"gateway": "IP_ADDRESS",
"nameserver1": "IP_ADDRESS",
"nameserver2": "IP_ADDRESS",
"headless": "true",
"remote_type_info": "If you're building directly on ESX, set remote_type to 'esx'. Otherwise, leave it blank.",
"remote_type": "",
"exsi_info_1": "You only need to fill in the esxi_* variables if you're building on ESX. Otherwise, packer will build locally.",
"esxi_username": "",
"esxi_password": "",
"esxi_host": "",
"esxi_datastore": "",
"yum_caching_proxy_url": "",
"password": "vagrant",
"redhat_repo_base_url": "http://IP_ADDRESS/yum",
"iso_root": "http://IP_ADDRESS/yum/iso",
"role": "base",
"hiera": "hiera/null.yaml",
"post_command": " || [[ \"$?\" == \"2\" || \"$?\" == \"0\" ]] || (echo \"sleeping 90000 seconds due to failure; ctrl-Z to pause indefinitely\"; sleep 90000; exit 1)",
"memory": "4096",
"final_memory": "8192",
"cpu_count": "2",
"disk_boot": "4000",
"disk_common": "57000",
"disk_log": "21000",
"disk_tmp": "21000",
"disk_search": "100000",
"build_ip_info_1": "See https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/chap-anaconda-boot-options.html#tabl-boot-options-network-formats",
"build_ip_info_2": "Use 'dhcp' to set DHCP",
"build_ip_info_3": "Static configuration comes in the format ip=ip::gateway:netmask:hostname:interface:none",
"build_ip_info_4": "where the 'none' is the literal string 'none', indicating the configuration method",
"build_ip": "dhcp",
"post_info_1": "All of the post variables below set the final state of the machine up so that it it's just a single-button action to turn on and attach.",
"post_info_2": "When the box is booted, the settings below will take effect - so be careful to isolate your nets if you're swapping out VMs or anything like that.",
"post_hostname": "",
"post_domain": "",
"post_dns_1": "",
"post_dns_2": "",
"post_dns_3": "",
"post_ip_address_1": "",
"post_ip_address_2": "",
"post_netmask_1": "",
"post_netmask_2": "",
"post_gateway": ""
},
"builders": [
{
"name": "rhel7-vmware-base",
"type": "vmware-iso",
"vmdk_name": "disk",
"headless": "{{ user `headless` }}",
"remote_type": "{{ user `remote_type` }}",
"remote_username": "{{ user `esxi_username` }}",
"remote_password": "{{ user `esxi_password` }}",
"remote_host": "{{user `esxi_host` }}",
"remote_datastore": "{{ user `esxi_datastore` }}",
"remote_cache_directory": "/packer",
"vmx_data": {
"config.version": "8",
"ctkEnabled": "true",
"ethernet0.displayName": "Ethernet",
"ethernet0.virtualDev": "e1000",
"mem.hotadd": "true",
"memSize": "8192",
"numvcpus": "2",
"sched.cpu.shares": "normal",
"sched.mem.shares": "normal",
"softPowerOff": "false",
"svga.present": "true",
"svga.vramSize": "8388608",
"tools.upgrade.policy": "manual",
"virtualHW.version": "8"
},
"vmx_data_post": {
"numvcpus": "{{ user `cpu_count` }}",
"ethernet0.connectionType": "bridged",
"ethernet0.virtualdev": "vmxnet3",
"ethernet1.virtualdev": "vmxnet3",
"memsize": "{{ user `final_memory` }}",
"ide1:0.present": "false",
"tools.synctime": "false",
"toolscripts.afterpoweron": "true",
"toolscripts.afterresume": "true",
"toolscripts.beforesuspend": "true",
"toolscripts.beforepoweroff": "true",
"remotedisplay.vnc.enabled": "FALSE"
},
"guest_os_type": "rhel6-64",
"tools_upload_flavor": "linux",
"tools_upload_path": "/home/vagrant/linux.iso",
"disk_size": "{{ user `disk_boot` }}",
"disk_type_id": "0",
"disk_additional_size": [
"{{ user `disk_common` }}",
"{{ user `disk_log` }}",
"{{ user `disk_tmp` }}",
"{{ user `disk_search` }}"
],
"vmx_template_path": "templates/vmx/vmx-template-linux.vmx",
"vmx_disk_template_path": "templates/vmx/vmx-disk-template-linux.vmx",
"iso_url": "{{ user `iso_root` }}/rhel-server-7.1-x86_64-dvd.iso",
"iso_checksum": "2f44295b1b40b98d2ef694cc111dbb34f46151f38f60bd1db951d142a9d417b414e80b5981ca53e8f32e198ec264120b2b626ea86e2a5793a682d536ce78b1e0",
"iso_checksum_type": "sha512",
"http_directory": "kickstarts/rhel-7.1",
"output_directory": "rhel7-vmware-base",
"boot_command": "<up><tab> text net.ifnames=0 inst.ks=http://IP_ADDRESS/ks.cfg ip={{ user `build_ip` }}<enter><wait><enter><wait>",
"boot_wait": "5s",
"shutdown_command": "echo 'vagrant' | sudo -S /sbin/shutdown -h now",
"ssh_username": "vagrant",
"ssh_password": "vagrant",
"ssh_wait_timeout": "1000s",
"vm_name": "rhel7-vmware-base"
},
{
"name": "rhel7-virtualbox-base",
"type": "virtualbox-iso",
"headless": "{{ user `headless` }}",
"guest_os_type": "RedHat_64",
"guest_additions_mode": "upload",
"guest_additions_path": "VBoxGuestAdditions.iso",
"virtualbox_version_file": ".vbox_version",
"disk_size": "{{ user `disk_boot` }}",
"hard_drive_interface": "sata",
"vboxmanage": [
[
"modifyvm",
"{{.Name}}",
"--cpus",
"{{ user `cpu_count` }}"
],
[
"modifyvm",
"{{.Name}}",
"--memory",
"{{ user `final_memory` }}"
],
[
"createhd",
"--format",
"VDI",
"--filename",
"disk2.vdi",
"--size",
"{{ user `disk_common` }}"
],
[
"storageattach",
"{{.Name}}",
"--storagectl",
"SATA Controller",
"--port",
"1",
"--type",
"hdd",
"--medium",
"disk2.vdi"
],
[
"createhd",
"--format",
"VDI",
"--filename",
"disk3.vdi",
"--size",
"{{ user `disk_log` }}"
],
[
"storageattach",
"{{.Name}}",
"--storagectl",
"SATA Controller",
"--port",
"2",
"--type",
"hdd",
"--medium",
"disk3.vdi"
],
[
"createhd",
"--format",
"VDI",
"--filename",
"disk4.vdi",
"--size",
"{{ user `disk_tmp` }}"
],
[
"storageattach",
"{{.Name}}",
"--storagectl",
"SATA Controller",
"--port",
"3",
"--type",
"hdd",
"--medium",
"disk4.vdi"
],
[
"createhd",
"--format",
"VDI",
"--filename",
"disk5.vdi",
"--size",
"{{ user `disk_search` }}"
],
[
"storageattach",
"{{.Name}}",
"--storagectl",
"SATA Controller",
"--port",
"4",
"--type",
"hdd",
"--medium",
"disk5.vdi"
]
],
"iso_url": "{{ user `iso_root` }}/rhel-server-7.1-x86_64-dvd.iso",
"iso_checksum": "2f44295b1b40b98d2ef694cc111dbb34f46151f38f60bd1db951d142a9d417b414e80b5981ca53e8f32e198ec264120b2b626ea86e2a5793a682d536ce78b1e0",
"iso_checksum_type": "sha512",
"http_directory": "kickstarts/rhel-7.1",
"output_directory": "rhel7-virtualbox-base",
"boot_command": "<up><tab> text net.ifnames=0 inst.ks=http://IP_ADDRESS/ks.cfg ip={{ user `build_ip` }}<enter><wait><enter><wait>",
"boot_wait": "5s",
"shutdown_command": "echo 'vagrant' | sudo -S /sbin/shutdown -h now",
"ssh_username": "vagrant",
"ssh_password": "vagrant",
"ssh_wait_timeout": "1000s",
"vm_name": "rhel7-virtualbox-base"
}
],
"provisioners": [
{
"type": "shell",
"execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}' {{ user `post_command` }}",
"environment_vars": [
"REDHAT_REPO_BASE_URL={{ user `redhat_repo_base_url` }}",
"YUM_CACHING_PROXY_URL={{ user `yum_caching_proxy_url` }}",
"POST_DOMAIN={{ user `post_domain` }}",
"POST_HOSTNAME={{ user `post_hostname` }}",
"POST_IP_ADDRESS_1={{ user `post_ip_address_1` }}",
"POST_IP_ADDRESS_2={{ user `post_ip_address_2` }}",
"POST_NETMASK_1={{ user `post_netmask_1` }}",
"POST_NETMASK_2={{ user `post_netmask_2` }}",
"POST_DNS1={{ user `post_dns1` }}",
"POST_DNS2={{ user `post_dns2` }}",
"POST_DNS3={{ user `post_dns3` }}",
"POST_GATEWAY={{ user `post_gateway` }}",
"PASSWORD={{ user `password` }}"
],
"scripts": [
"scripts/linux/bare.sh",
"scripts/linux/virtualbox.sh",
"scripts/linux/facter.sh",
"scripts/linux/sanity_check.sh"
]
},
{
"type": "file",
"source": "provisioners/puppeteer/puppet",
"destination": "/tmp/puppet"
},
{
"type": "shell",
"inline": "sudo cp -a /tmp/puppet/* /etc/puppet/; rm -rf /tmp/puppet"
},
{
"type": "puppet-masterless",
"execute_command": "{{.FacterVars}}{{if .Sudo}} sudo -E {{end}}puppet apply --verbose --debug --parser future --modulepath='/etc/puppet/modules' --hiera_config='/etc/puppet/{{ user `hiera` }}' --manifestdir='/etc/puppet/manifests' --detailed-exitcodes /etc/puppet/manifests/site.pp {{ user `post_command` }}",
"facter": {
"server_tags": "role:{{ user `role` }}=true",
"redhat_repo_base_url": "{{ user `redhat_repo_base_url` }}"
},
"hiera_config_path": "provisioners/puppeteer/puppet/{{ user `hiera` }}",
"manifest_file": "provisioners/puppeteer/puppet/manifests/site.pp",
"module_paths": [
"provisioners/puppeteer/puppet/modules/"
],
"staging_directory": "/tmp/packer-puppet-masterless/puppet"
},
{
"type": "shell",
"execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}' {{ user `post_command` }}",
"environment_vars": [
"REDHAT_REPO_BASE_URL={{ user `redhat_repo_base_url` }}",
"YUM_CACHING_PROXY_URL={{ user `yum_caching_proxy_url` }}",
"POST_DOMAIN={{ user `post_domain` }}",
"POST_HOSTNAME={{ user `post_hostname` }}",
"POST_IP_ADDRESS_1={{ user `post_ip_address_1` }}",
"POST_IP_ADDRESS_2={{ user `post_ip_address_2` }}",
"POST_NETMASK_1={{ user `post_netmask_1` }}",
"POST_NETMASK_2={{ user `post_netmask_2` }}",
"POST_DNS1={{ user `post_dns1` }}",
"POST_DNS2={{ user `post_dns2` }}",
"POST_DNS3={{ user `post_dns3` }}",
"POST_GATEWAY={{ user `post_gateway` }}",
"PASSWORD={{ user `password` }}"
],
"scripts": [
"scripts/linux/sensus-harden.sh",
"scripts/linux/ipaddress.sh",
"scripts/linux/password.sh",
"scripts/linux/cleanup.sh"
]
},
{
"type": "shell",
"inline": [
"echo Sleeping 90 so you can interrupt - run pkill -f sleep to continue.",
"sleep 90 || true"
]
}
],
"post-processors": []
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment