fuel-library/deployment/puppet/cobbler/templates/kickstart/centos.ks.erb

#import json

# WHAT TO DO (install fresh system rather than upgrade)
install

# INSTALLATION SOURCE (centos repository)
#set $repo_setup = json.loads($getVar("repo_setup"))
#set $repo = $repo_setup["repos"][0]
url --url=$repo["uri"]

#if $varExists("repo_setup")
# REPOSITORIES FROM Nailgun
#set $repos = $repo_setup["repos"][1:]
#for $repo in $repos
repo --name=$repo["name"] --baseurl=$repo["uri"]
#end for
#else
# ALTERNATIVE REPOSITORIES (PRESET)
<% @ks_repo.each do |repo| %>
repo --name=<%= repo['name'] %> --baseurl=<%= repo['url'] %>
<% end %>
#end if

# KEYBOARD AND LANGUAGE CUSTOMIZATION
lang en_US.UTF-8
keyboard us

# WHICH TIMEZONE TO USE ON INSTALLED SYSTEM
timezone --utc <%= @ks_system_timezone %>

# REBOOT AFTER INSTALLATION
reboot

firewall --disable
zerombr

# SET ROOT PASSWORD DEFAULT IS r00tme
rootpw --iscrypted <%= @ks_encrypted_root_password %>

# AUTHENTICATION CUSTOMIZATION
authconfig --enableshadow --passalgo=sha512

# DISABLE SELINUX ON INSTALLED SYSTEM
selinux --disabled

# INSTALL IN TEXT MODE
text

# SKIP CONFIGURING X
skipx

# Suppress "unsupported hardware" warning
unsupported_hardware

# SSH user and some unknown random password,
# we're going to use SSH keys anyway
sshpw --username root --iscrypted $6$tCD3X7ji$1urw6qEMDkVxOkD33k2jjklHSDG2hg2234kJHESJ3hwhsjHshSJshHSJSh333je34DHJHDr4je4AMP85NxQe61

%include /tmp/partition.ks

# COBBLER EMBEDDED SNIPPET: 'network_config'
# CONFIGURES NETWORK INTERFACES DEPENDING ON
# COBBLER SYSTEM PARAMETERS
$SNIPPET('network_config')

# PREINSTALL SECTION
# HERE ARE COMMANDS THAT WILL BE LAUNCHED BEFORE
# INSTALLATION PROCESS ITSELF
%pre

# COBBLER EMBEDDED SNIPPET: 'log_ks_pre'
# CONFIGURES %pre LOGGING
$SNIPPET('log_ks_pre')

# DOWNLOADS send2syslog.py AND LAUNCHES IT
# IN ORDER TO MONITOR LOG FILES AND SEND
# LINES FROM THOSE FILES TO SYSLOG
$SNIPPET('send2syslog')

# SNIPPET: 'kickstart_ntp'
# SYNC LOCAL TIME VIA NTP
$SNIPPET('kickstart_ntp')

# COBBLER EMBEDDED SNIPPET: 'kickstart_start'
# LAUNCHES %pre TRIGGERS IF THOSE INSTALLED
$SNIPPET('kickstart_start')

# COBBLER EMBEDDED SNIPPET: 'pre_install_network_config'
# PRECONFIGURES NETWORK INTERFACES DEPENDING ON
# COBBLER SYSTEM PARAMETERS
# IN PARTICULAR IT WRITES KICKSTART NETWORK CONFIGURATION
# INTO /tmp/pre_install_network_config WHICH IS INCLUDED
# INTO KICKSTART BY 'network_config' SNIPPET
$SNIPPET('pre_install_network_config')

# CONFIGURES SSH KEY ACCESS FOR SSHD CONSOLE
# DURING OPERATING SYSTEM INSTALLATION
$SNIPPET('anaconda_ssh_console')

# COBBLER EMBEDDED SNIPPET: 'pre_install_partition'
# DETECTS HARD DRIVES AND SETS FIRST OF THEM
# AS INSTALLATION TARGET AND BOOTLOADER INSTALLATION TARGET
$SNIPPET('pre_install_partition_lvm')

# CONFIGURE ANACONDA YUM SETTINGS
$SNIPPET('anaconda-yum')

# PACKAGES SECTION
# HERE ARE LIST OF PACKAGES THAT WILL BE INSTALLED
# FIXME --ignoremissing
%packages --nobase --ignoremissing
$SNIPPET('centos_pkg_kernel_lt_if_enabled')
@Core
authconfig
bfa-firmware
bind-utils
cronie
crontabs
curl
daemonize
gcc
gdisk
make
mlocate
nailgun-agent
nailgun-mcagents
nailgun-net-check
nmap-ncat
ntp
ntpdate
openssh
openssh-clients
openssh-server
perl
ql2100-firmware
ql2200-firmware
ql23xx-firmware
ql2400-firmware
ql2500-firmware
rhn-setup
rsync
ruby-augeas
ruby-devel
rubygem-openstack
rubygem-netaddr
system-config-firewall-base
tcpdump
telnet
virt-what
vim
wget
xfsprogs
yum
yum-utils
yum-plugin-priorities

# COBBLER EMBEDDED SNIPPET: 'centos_ofed_prereq_pkgs_if_enabled'
# LISTS ofed prereq PACKAGES IF mlnx_plugin_mode VARIABLE IS SET TO enabled
$SNIPPET('centos_ofed_prereq_pkgs_if_enabled')

# COBBLER EMBEDDED SNIPPET: 'puppet_install_if_enabled'
# LISTS puppet PACKAGE IF puppet_auto_setup VARIABLE IS SET TO 1
$SNIPPET('puppet_install_if_enabled')

# COBBLER EMBEDDED SNIPPET: 'mcollective_install_if_enabled'
# LISTS mcollective PACKAGE IF mco_auto_setup VARIABLE IS SET TO 1
$SNIPPET('mcollective_install_if_enabled')

# POST INSTALLATION PARTITIONING
# THERE ARE SOME COMMANDS TO CREATE LARGE (>1TB) VOLUMES
# AND INSTALL GRUB BOOTLOADER TO MAKE NODES ABLE TO BOOT FROM ANY HARDDRIVE
%include /tmp/post_partition.ks

# POSTINSTALL SECTION
# HERE ARE COMMANDS THAT WILL BE LAUNCHED JUST AFTER
# INSTALLATION ITSELF COMPLETED
%post

yum-config-manager --disableplugin=fastestmirror --save &>/dev/null

echo -e "modprobe nf_conntrack_ipv4\nmodprobe nf_conntrack_ipv6" >> /etc/rc.modules
chmod +x /etc/rc.modules
echo -e "net.nf_conntrack_max=1048576" >> /etc/sysctl.conf
mkdir -p /var/log/coredump
echo -e "kernel.core_pattern=/var/log/coredump/core.%e.%p.%h.%t" >> /etc/sysctl.conf
chmod 777 /var/log/coredump
echo -e "* soft core unlimited\n* hard core unlimited" >> /etc/security/limits.conf
sed -i '/\*.*soft.*nproc.*1024$/s/1024/10240/' /etc/security/limits.d/90-nproc.conf

# COBBLER EMBEDDED SNIPPET: 'log_ks_post'
# CONFIGURES %post LOGGING
$SNIPPET('log_ks_post')

# COBBLER EMBEDDED SNIPPET: 'post_install_kernel_options'
# CONFIGURES KERNEL PARAMETERS ON INSTALLED SYSTEM
$SNIPPET('post_install_kernel_options')

# COBBLER EMBEDDED SNIPPET: 'post_install_network_config'
# CONFIGURES NETWORK INTERFACES DEPENDING ON
# COBBLER SYSTEM PARAMETERS
$SNIPPET('post_install_network_config_fuel')

# COBBLER EMBEDDED SNIPPET: 'puppet_conf'
# CONFIGURES PUPPET AGENT
$SNIPPET('puppet_conf')

# COBBLER EMBEDDED SNIPPET: 'puppet_register_if_enabled'
# CREATES CERTIFICATE REQUEST AND SENDS IT TO PUPPET MASTER
$SNIPPET('puppet_register_if_enabled_fuel')

# COBBLER EMBEDDED SNIPPET: 'mcollective_conf'
# CONFIGURES MCOLLECTIVE AGENT
$SNIPPET('mcollective_conf')

# SNIPPET: 'kickstart_ntp'
# SYNC LOCAL TIME VIA NTP
$SNIPPET('kickstart_ntp')

# SNIPPET: 'ntp_to_masternode'
# CONFIGURES NTPD POOL TO MASTER NODE
$SNIPPET('ntp_to_masternode')

# Let's not to use separate snippet for just one line of code. Complexity eats my time.
echo 'flock -w 0 -o /var/lock/agent.lock -c "/opt/nailgun/bin/agent >> /var/log/nailgun-agent.log 2>&1"' >> /etc/rc.local

# It is for the internal nailgun using
echo target > /etc/nailgun_systemtype

# COBBLER EMBEDDED SNIPPET: 'authorized_keys'
# PUTS authorized_keys file into /root/.ssh/authorized_keys
$SNIPPET('centos_authorized_keys')

# COBBLER EMBEDDED SNIPPET: 'nailgun_repo'
# REMOVES ALL *.repo FILES FROM /etc/yum.repos.d AND
# CREATES /etc/yum.repos.d/nailgun.repo FILE AND
# PUTS IN IT ALL THE REPOSITORIES DEFINED IN ks_repo VARIABLE
$SNIPPET('nailgun_repo')

sleep_time="1"
retry_count="10"

#raw
yum_retry() {
  retry="1"
  while :; do
    yum ${@}
    if [ "${?}" -eq "0" ]; then
      break
    fi
    retry=$((retry + 1))
    if [ "${retry}" -gt "${retry_count}" ]; then
      echo "Command failed: yum ${@}"
      break
    fi
    sleep "${sleep_time}"
  done
}
#end raw

rpm -e --nodeps ruby
yum_retry install --exclude=ruby21*,ruby-2.1.1* -y ruby rubygems
yum_retry update -y --exclude --exclude=ruby*

mkdir -p /etc/nailgun-agent/
cat > /etc/nailgun-agent/config.yaml << EOA
---
url: '<%= scope.lookupvar('nailgun::cobbler::nailgun_api_url') %>'
EOA

# COBBLER EMBEDDED SNIPPET: 'kernel_lt_if_enabled'
# INSTALLS kernel-lt PACKAGE IF kernel_lt VARIABLE IS SET TO 1
$SNIPPET('centos_post_kernel_lt_if_enabled')

# COBBLER EMBEDDED SNIPPET: 'ssh_disable_gssapi'
# REMOVES "GSSAPICleanupCredentials yes" AND "GSSAPIAuthentication yes" LINES
# FROM /etc/ssh/sshd_config
$SNIPPET('ssh_disable_gssapi')

# Let's not wait forewer when ssh'ing:
sed -i --follow-symlinks -e '/UseDNS/d' /etc/ssh/sshd_config
echo 'UseDNS no' >> /etc/ssh/sshd_config

# COBBLER EMBEDDED SNIPPET: 'sshd_auth_pubkey_only'
# DISABLE PASSWORD AUTH. ALLOW PUBKEY AUTH ONLY IN /etc/ssh/sshd_config
$SNIPPET('sshd_auth_pubkey_only')

# Copying default bash settings to the root directory
cp -f /etc/skel/.bash* /root/

# Rsyslogd should send all messages to master node
$SNIPPET('target_logs_to_master')

# Configure static IP address for admin interface
$SNIPPET('centos_static_net')

# Blacklist i2c_piix4 module so it does not create kernel errors
$SNIPPET('centos_blacklist_i2c_piix4')

# Install OFED components for RDMA if needed
$SNIPPET('ofed_install_with_sriov')

# COBBLER EMBEDDED SNIPPET: 'kickstart_done'
# DISABLES PXE BOOTING
$SNIPPET('kickstart_done')

%end