440245d6d4
This brings back changes that broke compatibility between old Nailgun code and Fuel Library with assumption that newer FUEL CI ISO will be uploaded in several hours.
blueprint consume-external-ubuntu
This reverts commit ccaab07d52
.
Change-Id: Ifc6a8a6043445741691cbfae364b7b8c5df9802e
290 lines
7.9 KiB
Plaintext
290 lines
7.9 KiB
Plaintext
#import json
|
|
|
|
# WHAT TO DO (install fresh system rather than upgrade)
|
|
install
|
|
|
|
# INSTALLATION SOURCE (centos repository)
|
|
#set $repo_setup = json.loads($getVar("repo_setup"))
|
|
#set $repo = $repo_setup["repos"][0]
|
|
url --url=$repo["uri"]
|
|
|
|
#if $varExists("repo_setup")
|
|
# REPOSITORIES FROM Nailgun
|
|
#set $repos = $repo_setup["repos"][1:]
|
|
#for $repo in $repos
|
|
repo --name=$repo["name"] --baseurl=$repo["uri"]
|
|
#end for
|
|
#else
|
|
# ALTERNATIVE REPOSITORIES (PRESET)
|
|
<% @ks_repo.each do |repo| %>
|
|
repo --name=<%= repo['name'] %> --baseurl=<%= repo['url'] %>
|
|
<% end %>
|
|
#end if
|
|
|
|
# KEYBOARD AND LANGUAGE CUSTOMIZATION
|
|
lang en_US.UTF-8
|
|
keyboard us
|
|
|
|
# WHICH TIMEZONE TO USE ON INSTALLED SYSTEM
|
|
timezone --utc <%= @ks_system_timezone %>
|
|
|
|
# REBOOT AFTER INSTALLATION
|
|
reboot
|
|
|
|
firewall --disable
|
|
zerombr
|
|
|
|
# SET ROOT PASSWORD DEFAULT IS r00tme
|
|
rootpw --iscrypted <%= @ks_encrypted_root_password %>
|
|
|
|
# AUTHENTICATION CUSTOMIZATION
|
|
authconfig --enableshadow --passalgo=sha512
|
|
|
|
# DISABLE SELINUX ON INSTALLED SYSTEM
|
|
selinux --disabled
|
|
|
|
# INSTALL IN TEXT MODE
|
|
text
|
|
|
|
# SKIP CONFIGURING X
|
|
skipx
|
|
|
|
# Suppress "unsupported hardware" warning
|
|
unsupported_hardware
|
|
|
|
# SSH user and some unknown random password,
|
|
# we're going to use SSH keys anyway
|
|
sshpw --username root --iscrypted $6$tCD3X7ji$1urw6qEMDkVxOkD33k2jjklHSDG2hg2234kJHESJ3hwhsjHshSJshHSJSh333je34DHJHDr4je4AMP85NxQe61
|
|
|
|
%include /tmp/partition.ks
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'network_config'
|
|
# CONFIGURES NETWORK INTERFACES DEPENDING ON
|
|
# COBBLER SYSTEM PARAMETERS
|
|
$SNIPPET('network_config')
|
|
|
|
# PREINSTALL SECTION
|
|
# HERE ARE COMMANDS THAT WILL BE LAUNCHED BEFORE
|
|
# INSTALLATION PROCESS ITSELF
|
|
%pre
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'log_ks_pre'
|
|
# CONFIGURES %pre LOGGING
|
|
$SNIPPET('log_ks_pre')
|
|
|
|
# DOWNLOADS send2syslog.py AND LAUNCHES IT
|
|
# IN ORDER TO MONITOR LOG FILES AND SEND
|
|
# LINES FROM THOSE FILES TO SYSLOG
|
|
$SNIPPET('send2syslog')
|
|
|
|
# SNIPPET: 'kickstart_ntp'
|
|
# SYNC LOCAL TIME VIA NTP
|
|
$SNIPPET('kickstart_ntp')
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'kickstart_start'
|
|
# LAUNCHES %pre TRIGGERS IF THOSE INSTALLED
|
|
$SNIPPET('kickstart_start')
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'pre_install_network_config'
|
|
# PRECONFIGURES NETWORK INTERFACES DEPENDING ON
|
|
# COBBLER SYSTEM PARAMETERS
|
|
# IN PARTICULAR IT WRITES KICKSTART NETWORK CONFIGURATION
|
|
# INTO /tmp/pre_install_network_config WHICH IS INCLUDED
|
|
# INTO KICKSTART BY 'network_config' SNIPPET
|
|
$SNIPPET('pre_install_network_config')
|
|
|
|
# CONFIGURES SSH KEY ACCESS FOR SSHD CONSOLE
|
|
# DURING OPERATING SYSTEM INSTALLATION
|
|
$SNIPPET('anaconda_ssh_console')
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'pre_install_partition'
|
|
# DETECTS HARD DRIVES AND SETS FIRST OF THEM
|
|
# AS INSTALLATION TARGET AND BOOTLOADER INSTALLATION TARGET
|
|
$SNIPPET('pre_install_partition_lvm')
|
|
|
|
# CONFIGURE ANACONDA YUM SETTINGS
|
|
$SNIPPET('anaconda-yum')
|
|
|
|
# PACKAGES SECTION
|
|
# HERE ARE LIST OF PACKAGES THAT WILL BE INSTALLED
|
|
# FIXME --ignoremissing
|
|
%packages --nobase --ignoremissing
|
|
$SNIPPET('centos_pkg_kernel_lt_if_enabled')
|
|
@Core
|
|
authconfig
|
|
bfa-firmware
|
|
bind-utils
|
|
cronie
|
|
crontabs
|
|
curl
|
|
daemonize
|
|
gcc
|
|
gdisk
|
|
make
|
|
mlocate
|
|
nailgun-agent
|
|
nailgun-mcagents
|
|
nailgun-net-check
|
|
nmap-ncat
|
|
ntp
|
|
ntpdate
|
|
openssh
|
|
openssh-clients
|
|
openssh-server
|
|
perl
|
|
ql2100-firmware
|
|
ql2200-firmware
|
|
ql23xx-firmware
|
|
ql2400-firmware
|
|
ql2500-firmware
|
|
rhn-setup
|
|
rsync
|
|
ruby-augeas
|
|
ruby-devel
|
|
rubygem-openstack
|
|
rubygem-netaddr
|
|
system-config-firewall-base
|
|
tcpdump
|
|
telnet
|
|
virt-what
|
|
vim
|
|
wget
|
|
yum
|
|
yum-utils
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'centos_ofed_prereq_pkgs_if_enabled'
|
|
# LISTS ofed prereq PACKAGES IF mlnx_plugin_mode VARIABLE IS SET TO enabled
|
|
$SNIPPET('centos_ofed_prereq_pkgs_if_enabled')
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'puppet_install_if_enabled'
|
|
# LISTS puppet PACKAGE IF puppet_auto_setup VARIABLE IS SET TO 1
|
|
$SNIPPET('puppet_install_if_enabled')
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'mcollective_install_if_enabled'
|
|
# LISTS mcollective PACKAGE IF mco_auto_setup VARIABLE IS SET TO 1
|
|
$SNIPPET('mcollective_install_if_enabled')
|
|
|
|
# POST INSTALLATION PARTITIONING
|
|
# THERE ARE SOME COMMANDS TO CREATE LARGE (>1TB) VOLUMES
|
|
# AND INSTALL GRUB BOOTLOADER TO MAKE NODES ABLE TO BOOT FROM ANY HARDDRIVE
|
|
%include /tmp/post_partition.ks
|
|
|
|
# POSTINSTALL SECTION
|
|
# HERE ARE COMMANDS THAT WILL BE LAUNCHED JUST AFTER
|
|
# INSTALLATION ITSELF COMPLETED
|
|
%post
|
|
|
|
yum-config-manager --disableplugin=fastestmirror --save &>/dev/null
|
|
|
|
echo -e "modprobe nf_conntrack_ipv4\nmodprobe nf_conntrack_ipv6" >> /etc/rc.modules
|
|
chmod +x /etc/rc.modules
|
|
echo -e "net.nf_conntrack_max=1048576" >> /etc/sysctl.conf
|
|
mkdir -p /var/log/coredump
|
|
echo -e "kernel.core_pattern=/var/log/coredump/core.%e.%p.%h.%t" >> /etc/sysctl.conf
|
|
chmod 777 /var/log/coredump
|
|
echo -e "* soft core unlimited\n* hard core unlimited" >> /etc/security/limits.conf
|
|
sed -i '/\*.*soft.*nproc.*1024$/s/1024/10240/' /etc/security/limits.d/90-nproc.conf
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'log_ks_post'
|
|
# CONFIGURES %post LOGGING
|
|
$SNIPPET('log_ks_post')
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'post_install_kernel_options'
|
|
# CONFIGURES KERNEL PARAMETERS ON INSTALLED SYSTEM
|
|
$SNIPPET('post_install_kernel_options')
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'post_install_network_config'
|
|
# CONFIGURES NETWORK INTERFACES DEPENDING ON
|
|
# COBBLER SYSTEM PARAMETERS
|
|
$SNIPPET('post_install_network_config_fuel')
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'puppet_conf'
|
|
# CONFIGURES PUPPET AGENT
|
|
$SNIPPET('puppet_conf')
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'puppet_register_if_enabled'
|
|
# CREATES CERTIFICATE REQUEST AND SENDS IT TO PUPPET MASTER
|
|
$SNIPPET('puppet_register_if_enabled_fuel')
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'mcollective_conf'
|
|
# CONFIGURES MCOLLECTIVE AGENT
|
|
$SNIPPET('mcollective_conf')
|
|
|
|
# SNIPPET: 'kickstart_ntp'
|
|
# SYNC LOCAL TIME VIA NTP
|
|
$SNIPPET('kickstart_ntp')
|
|
|
|
# SNIPPET: 'ntp_to_masternode'
|
|
# CONFIGURES NTPD POOL TO MASTER NODE
|
|
$SNIPPET('ntp_to_masternode')
|
|
|
|
# Let's not to use separate snippet for just one line of code. Complexity eats my time.
|
|
echo 'flock -w 0 -o /var/lock/agent.lock -c "/opt/nailgun/bin/agent >> /var/log/nailgun-agent.log 2>&1"' >> /etc/rc.local
|
|
|
|
# It is for the internal nailgun using
|
|
echo target > /etc/nailgun_systemtype
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'authorized_keys'
|
|
# PUTS authorized_keys file into /root/.ssh/authorized_keys
|
|
$SNIPPET('centos_authorized_keys')
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'nailgun_repo'
|
|
# REMOVES ALL *.repo FILES FROM /etc/yum.repos.d AND
|
|
# CREATES /etc/yum.repos.d/nailgun.repo FILE AND
|
|
# PUTS IN IT ALL THE REPOSITORIES DEFINED IN ks_repo VARIABLE
|
|
$SNIPPET('nailgun_repo')
|
|
|
|
rpm -e --nodeps ruby
|
|
yum install --exclude=ruby-2.1.1* -y ruby rubygems
|
|
yum update -y --exclude --exclude=ruby*
|
|
|
|
mkdir -p /etc/nailgun-agent/
|
|
cat > /etc/nailgun-agent/config.yaml << EOA
|
|
---
|
|
url: '<%= scope.lookupvar('nailgun::cobbler::nailgun_api_url') %>'
|
|
EOA
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'kernel_lt_if_enabled'
|
|
# INSTALLS kernel-lt PACKAGE IF kernel_lt VARIABLE IS SET TO 1
|
|
$SNIPPET('centos_post_kernel_lt_if_enabled')
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'ssh_disable_gssapi'
|
|
# REMOVES "GSSAPICleanupCredentials yes" AND "GSSAPIAuthentication yes" LINES
|
|
# FROM /etc/ssh/sshd_config
|
|
$SNIPPET('ssh_disable_gssapi')
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'redhat_register'
|
|
# REGISTER AT REDHAT WITH ACTIVATION KEY
|
|
$SNIPPET('red_hat_register_satellite')
|
|
# REGISTER TO RED HAT SUBSCRIPTION MANAGER WITH LOGIN/PASSWORD
|
|
$SNIPPET('red_hat_register_rhsm')
|
|
|
|
# Let's not wait forewer when ssh'ing:
|
|
sed -i --follow-symlinks -e '/UseDNS/d' /etc/ssh/sshd_config
|
|
echo 'UseDNS no' >> /etc/ssh/sshd_config
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'sshd_auth_pubkey_only'
|
|
# DISABLE PASSWORD AUTH. ALLOW PUBKEY AUTH ONLY IN /etc/ssh/sshd_config
|
|
$SNIPPET('sshd_auth_pubkey_only')
|
|
|
|
# Copying default bash settings to the root directory
|
|
cp -f /etc/skel/.bash* /root/
|
|
|
|
# Rsyslogd should send all messages to master node
|
|
$SNIPPET('target_logs_to_master')
|
|
|
|
# Configure static IP address for admin interface
|
|
$SNIPPET('centos_static_net')
|
|
|
|
# Blacklist i2c_piix4 module so it does not create kernel errors
|
|
$SNIPPET('centos_blacklist_i2c_piix4')
|
|
|
|
# Install OFED components for RDMA if needed
|
|
$SNIPPET('ofed_install_with_sriov')
|
|
|
|
# COBBLER EMBEDDED SNIPPET: 'kickstart_done'
|
|
# DISABLES PXE BOOTING
|
|
$SNIPPET('kickstart_done')
|
|
|
|
%end
|