#import json # WHAT TO DO (install fresh system rather than upgrade) install # INSTALLATION SOURCE (centos repository) #set $repo_setup = json.loads($getVar("repo_setup")) #set $repo = $repo_setup["repos"][0] url --url=$repo["uri"] #if $varExists("repo_setup") # REPOSITORIES FROM Nailgun #set $repos = $repo_setup["repos"][1:] #for $repo in $repos repo --name=$repo["name"] --baseurl=$repo["uri"] #end for #else # ALTERNATIVE REPOSITORIES (PRESET) <% @ks_repo.each do |repo| %> repo --name=<%= repo['name'] %> --baseurl=<%= repo['url'] %> <% end %> #end if # KEYBOARD AND LANGUAGE CUSTOMIZATION lang en_US.UTF-8 keyboard us # WHICH TIMEZONE TO USE ON INSTALLED SYSTEM timezone --utc <%= @ks_system_timezone %> # REBOOT AFTER INSTALLATION reboot firewall --disable zerombr # SET ROOT PASSWORD DEFAULT IS r00tme rootpw --iscrypted <%= @ks_encrypted_root_password %> # AUTHENTICATION CUSTOMIZATION authconfig --enableshadow --passalgo=sha512 # DISABLE SELINUX ON INSTALLED SYSTEM selinux --disabled # INSTALL IN TEXT MODE text # SKIP CONFIGURING X skipx # Suppress "unsupported hardware" warning unsupported_hardware # SSH user and some unknown random password, # we're going to use SSH keys anyway sshpw --username root --iscrypted $6$tCD3X7ji$1urw6qEMDkVxOkD33k2jjklHSDG2hg2234kJHESJ3hwhsjHshSJshHSJSh333je34DHJHDr4je4AMP85NxQe61 %include /tmp/partition.ks # COBBLER EMBEDDED SNIPPET: 'network_config' # CONFIGURES NETWORK INTERFACES DEPENDING ON # COBBLER SYSTEM PARAMETERS $SNIPPET('network_config') # PREINSTALL SECTION # HERE ARE COMMANDS THAT WILL BE LAUNCHED BEFORE # INSTALLATION PROCESS ITSELF %pre # COBBLER EMBEDDED SNIPPET: 'log_ks_pre' # CONFIGURES %pre LOGGING $SNIPPET('log_ks_pre') # DOWNLOADS send2syslog.py AND LAUNCHES IT # IN ORDER TO MONITOR LOG FILES AND SEND # LINES FROM THOSE FILES TO SYSLOG $SNIPPET('send2syslog') # SNIPPET: 'kickstart_ntp' # SYNC LOCAL TIME VIA NTP $SNIPPET('kickstart_ntp') # COBBLER EMBEDDED SNIPPET: 'kickstart_start' # LAUNCHES %pre TRIGGERS IF THOSE INSTALLED $SNIPPET('kickstart_start') # COBBLER EMBEDDED SNIPPET: 'pre_install_network_config' # PRECONFIGURES NETWORK INTERFACES DEPENDING ON # COBBLER SYSTEM PARAMETERS # IN PARTICULAR IT WRITES KICKSTART NETWORK CONFIGURATION # INTO /tmp/pre_install_network_config WHICH IS INCLUDED # INTO KICKSTART BY 'network_config' SNIPPET $SNIPPET('pre_install_network_config') # CONFIGURES SSH KEY ACCESS FOR SSHD CONSOLE # DURING OPERATING SYSTEM INSTALLATION $SNIPPET('anaconda_ssh_console') # COBBLER EMBEDDED SNIPPET: 'pre_install_partition' # DETECTS HARD DRIVES AND SETS FIRST OF THEM # AS INSTALLATION TARGET AND BOOTLOADER INSTALLATION TARGET $SNIPPET('pre_install_partition_lvm') # CONFIGURE ANACONDA YUM SETTINGS $SNIPPET('anaconda-yum') # PACKAGES SECTION # HERE ARE LIST OF PACKAGES THAT WILL BE INSTALLED # FIXME --ignoremissing %packages --nobase --ignoremissing $SNIPPET('centos_pkg_kernel_lt_if_enabled') @Core authconfig bfa-firmware bind-utils cronie crontabs curl daemonize gcc gdisk make mlocate nailgun-agent nailgun-mcagents nailgun-net-check nmap-ncat ntp ntpdate openssh openssh-clients openssh-server perl ql2100-firmware ql2200-firmware ql23xx-firmware ql2400-firmware ql2500-firmware rhn-setup rsync ruby-augeas ruby-devel rubygem-openstack rubygem-netaddr system-config-firewall-base tcpdump telnet virt-what vim wget yum yum-utils # COBBLER EMBEDDED SNIPPET: 'centos_ofed_prereq_pkgs_if_enabled' # LISTS ofed prereq PACKAGES IF mlnx_plugin_mode VARIABLE IS SET TO enabled $SNIPPET('centos_ofed_prereq_pkgs_if_enabled') # COBBLER EMBEDDED SNIPPET: 'puppet_install_if_enabled' # LISTS puppet PACKAGE IF puppet_auto_setup VARIABLE IS SET TO 1 $SNIPPET('puppet_install_if_enabled') # COBBLER EMBEDDED SNIPPET: 'mcollective_install_if_enabled' # LISTS mcollective PACKAGE IF mco_auto_setup VARIABLE IS SET TO 1 $SNIPPET('mcollective_install_if_enabled') # POST INSTALLATION PARTITIONING # THERE ARE SOME COMMANDS TO CREATE LARGE (>1TB) VOLUMES # AND INSTALL GRUB BOOTLOADER TO MAKE NODES ABLE TO BOOT FROM ANY HARDDRIVE %include /tmp/post_partition.ks # POSTINSTALL SECTION # HERE ARE COMMANDS THAT WILL BE LAUNCHED JUST AFTER # INSTALLATION ITSELF COMPLETED %post yum-config-manager --disableplugin=fastestmirror --save &>/dev/null echo -e "modprobe nf_conntrack_ipv4\nmodprobe nf_conntrack_ipv6" >> /etc/rc.modules chmod +x /etc/rc.modules echo -e "net.nf_conntrack_max=1048576" >> /etc/sysctl.conf mkdir -p /var/log/coredump echo -e "kernel.core_pattern=/var/log/coredump/core.%e.%p.%h.%t" >> /etc/sysctl.conf chmod 777 /var/log/coredump echo -e "* soft core unlimited\n* hard core unlimited" >> /etc/security/limits.conf sed -i '/\*.*soft.*nproc.*1024$/s/1024/10240/' /etc/security/limits.d/90-nproc.conf # COBBLER EMBEDDED SNIPPET: 'log_ks_post' # CONFIGURES %post LOGGING $SNIPPET('log_ks_post') # COBBLER EMBEDDED SNIPPET: 'post_install_kernel_options' # CONFIGURES KERNEL PARAMETERS ON INSTALLED SYSTEM $SNIPPET('post_install_kernel_options') # COBBLER EMBEDDED SNIPPET: 'post_install_network_config' # CONFIGURES NETWORK INTERFACES DEPENDING ON # COBBLER SYSTEM PARAMETERS $SNIPPET('post_install_network_config_fuel') # COBBLER EMBEDDED SNIPPET: 'puppet_conf' # CONFIGURES PUPPET AGENT $SNIPPET('puppet_conf') # COBBLER EMBEDDED SNIPPET: 'puppet_register_if_enabled' # CREATES CERTIFICATE REQUEST AND SENDS IT TO PUPPET MASTER $SNIPPET('puppet_register_if_enabled_fuel') # COBBLER EMBEDDED SNIPPET: 'mcollective_conf' # CONFIGURES MCOLLECTIVE AGENT $SNIPPET('mcollective_conf') # SNIPPET: 'kickstart_ntp' # SYNC LOCAL TIME VIA NTP $SNIPPET('kickstart_ntp') # SNIPPET: 'ntp_to_masternode' # CONFIGURES NTPD POOL TO MASTER NODE $SNIPPET('ntp_to_masternode') # Let's not to use separate snippet for just one line of code. Complexity eats my time. echo 'flock -w 0 -o /var/lock/agent.lock -c "/opt/nailgun/bin/agent >> /var/log/nailgun-agent.log 2>&1"' >> /etc/rc.local # It is for the internal nailgun using echo target > /etc/nailgun_systemtype # COBBLER EMBEDDED SNIPPET: 'authorized_keys' # PUTS authorized_keys file into /root/.ssh/authorized_keys $SNIPPET('centos_authorized_keys') # COBBLER EMBEDDED SNIPPET: 'nailgun_repo' # REMOVES ALL *.repo FILES FROM /etc/yum.repos.d AND # CREATES /etc/yum.repos.d/nailgun.repo FILE AND # PUTS IN IT ALL THE REPOSITORIES DEFINED IN ks_repo VARIABLE $SNIPPET('nailgun_repo') rpm -e --nodeps ruby yum install --exclude=ruby-2.1.1* -y ruby rubygems yum update -y --exclude --exclude=ruby* mkdir -p /etc/nailgun-agent/ cat > /etc/nailgun-agent/config.yaml << EOA --- url: '<%= scope.lookupvar('nailgun::cobbler::nailgun_api_url') %>' EOA # COBBLER EMBEDDED SNIPPET: 'kernel_lt_if_enabled' # INSTALLS kernel-lt PACKAGE IF kernel_lt VARIABLE IS SET TO 1 $SNIPPET('centos_post_kernel_lt_if_enabled') # COBBLER EMBEDDED SNIPPET: 'ssh_disable_gssapi' # REMOVES "GSSAPICleanupCredentials yes" AND "GSSAPIAuthentication yes" LINES # FROM /etc/ssh/sshd_config $SNIPPET('ssh_disable_gssapi') # COBBLER EMBEDDED SNIPPET: 'redhat_register' # REGISTER AT REDHAT WITH ACTIVATION KEY $SNIPPET('red_hat_register_satellite') # REGISTER TO RED HAT SUBSCRIPTION MANAGER WITH LOGIN/PASSWORD $SNIPPET('red_hat_register_rhsm') # Let's not wait forewer when ssh'ing: sed -i --follow-symlinks -e '/UseDNS/d' /etc/ssh/sshd_config echo 'UseDNS no' >> /etc/ssh/sshd_config # COBBLER EMBEDDED SNIPPET: 'sshd_auth_pubkey_only' # DISABLE PASSWORD AUTH. ALLOW PUBKEY AUTH ONLY IN /etc/ssh/sshd_config $SNIPPET('sshd_auth_pubkey_only') # Copying default bash settings to the root directory cp -f /etc/skel/.bash* /root/ # Rsyslogd should send all messages to master node $SNIPPET('target_logs_to_master') # Configure static IP address for admin interface $SNIPPET('centos_static_net') # Blacklist i2c_piix4 module so it does not create kernel errors $SNIPPET('centos_blacklist_i2c_piix4') # Install OFED components for RDMA if needed $SNIPPET('ofed_install_with_sriov') # COBBLER EMBEDDED SNIPPET: 'kickstart_done' # DISABLES PXE BOOTING $SNIPPET('kickstart_done') %end