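# Kickstart for an unattended CentOS 7 (x86_64) network installation onto the
# single disk "sdy", followed by %post steps that configure OpenAFS, external
# facter facts taken from the kernel command line, and a few CIS settings.

# System authorization information
auth --enableshadow --passalgo=sha512

# Use network installation
# NOTE(review): the install tree is fetched over plain HTTP, so the transport
# gives no integrity protection for the installer tree or repository metadata.
# Prefer an HTTPS mirror if one is available and make sure package signature
# checking stays enabled.
url --url="http://linuxsoft.cern.ch/cern/centos/7/os/x86_64/"

# Use graphical install
#graphical

# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=sdy

# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'

# System language
lang en_US.UTF-8

# Network information
network --bootproto=dhcp --device=ens34 --ipv6=auto --activate

# Root password
# The value below is a placeholder, not a crypt hash; replace it with a real
# SHA-512 crypt string. Anyone who can read this file (or the channel it is
# served over) can take the hash offline, so restrict access to it.
rootpw --iscrypted :):|:(

# System timezone (the original repeated --isUtc; once is enough)
timezone Europe/Zurich --isUtc --ntpservers=myntp01,myntp02
#text
#skipx

# Partition clearing information
clearpart --all --initlabel --drives=sdy
#%include /tmp/ks-partition.cfg

# Disk partitioning information
# <-------- BIG NEWS !!!
part /boot/efi --fstype=efi --grow --maxsize=200 --size=20
#
# https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-disk-partitioning-setup-x86.html#sect-bootloader-x86
# UEFI systems
# Only GPT is allowed on UEFI systems. In order to install on a formatted disk with a MBR, you must first reformat it.
# You need to create an EFI System Partition (/boot/efi), regardless of the partitioning scheme. The /boot/efi partition should be at least 50 MB in size; its recommended size is 200 MB.
#
# NOTE(review): the page was collapsed onto a few lines; "part /" is restored
# as an active command because the installer needs a root partition - confirm.
part / --fstype="xfs" --ondisk=sdy --size=9536 --label=/
part /boot --fstype="xfs" --ondisk=sdy --size=1200 --label=/boot
part swap --fstype="swap" --ondisk=sdy --size=10000
part /var --fstype="xfs" --ondisk=sdy --size=20000 --label=/var
part /var/log --fstype="xfs" --ondisk=sdy --size=25000 --label=/var/log
part /var/log/audit --fstype="xfs" --ondisk=sdy --size=2000 --label=/var/log/audit
part /usr/vice/cache --fstype="xfs" --fsoptions="nodev,async,noatime" --size=10000 --ondisk=sdy --grow --label=/usr/vice/cache
# /tmp is world-writable, so it is mounted nodev,nosuid,noexec.
part /tmp --label=/tmp --fstype="xfs" --size=10000 --fsoptions="nodev,async,nosuid,noexec" --ondisk=sdy

# On a GPT-formatted disk, this option installs stage 1.5 of the boot loader into the BIOS boot partition.
bootloader --location=mbr

reboot

# NOTE(review): --ignoremissing lets the install continue when a listed package
# or group cannot be found, so a typo or an absent repository silently drops
# it (this includes security tooling such as ossec-hids-client). Verify the
# installed set afterwards, e.g. from the installer logs.
%packages --ignoremissing
@core
@system-admin-tools
@hardware-monitoring
@emacs
@network-file-system-client
augeas-libs
authconfig-gtk
autogen-libopts
bc
createrepo
curl
dstat
elinks
git
htop
iftop
kexec-tools
krb5-workstation
libselinux-ruby
libyaml
lsof
mlocate
net-tools
nss-pam-ldapd
ntp
ntpdate
ossec-hids-client
pciutils
openafs
kmod-openafs
openafs-client
openafs-krb5
openafs-authlibs
puppet
python-sssdconfig
ruby
ruby-irb
ruby-libs
rubygem-bigdecimal
rubygem-io-console
rubygem-json
rubygem-psych
rubygem-rdoc
rubygems
salt-minion
sssd-client
sssd-ldap
sssd-proxy
strace
vim
wget
yum-plugin-priorities
yum-plugin-ps
# Explicitly excluded: unused services, legacy cleartext remote-access
# tools (rsh, talk, telnet, tftp, NIS) and wireless firmware.
-bind
-cern-linuxsupport-access
-dovecot
-glusterfs
-httpd
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6000g2b-firmware
-iwl6050-firmware
-iwl7260-firmware
-net-snmp
-ocsinventory-agent
-rsh
-rsh-server
-samba
-squid
-talk
-talk-server
-telnet
-telnet-server
-tftp
-vsftpd
-xinetd
-ypbind
-ypserv
%end

%addon com_redhat_kdump --enable --reserve-mb='auto'
%end

# %pre: record the kernel command line in /tmp/pre.log so that %post can read
# the site-specific parameters (zone=, role=, set=) from it.
# NOTE(review): the whole command line ends up in a log file on the installed
# system, so do not pass secrets as boot parameters.
%pre --interpreter=/usr/bin/bash --log=/tmp/pre.log
echo "### Begin of %pre"
cat /proc/cmdline
echo "### End of %pre"
%end

# %post --nochroot: runs in the installer environment; copies the %pre log
# into the installed system, which is mounted at /mnt/sysimage.
%post --nochroot --interpreter=/usr/bin/bash --log=/mnt/sysimage/var/log/post_nochroot.log
echo "### Begin of %post --nochroot"
[ -f /tmp/pre.log ] && mv /tmp/pre.log /mnt/sysimage/var/log/
# cat /mnt/sysimage/var/log/pre.log
# ### Begin of %pre
# initrd=scientific/71/x86_64/initrd.img inst.repo=http://linuxsoft.cern.ch/cern/centos/7/os/x86_64/ inst.sshd inst.text inst.loglevel=debug inst.syslog=t3service01.psi.ch:1514
# ks=http://linux.web.psi.ch/kickstart/configs/centos71-t3.ks BOOT_IMAGE=scientific/71/x86_64/vmlinuz a=b c=d f=hhhh
# ### End of %pre
# egrep -o c=[a-zA-Z]* pre.log
# c=d
echo "### End of %post --nochroot"
%end

# %post: runs chrooted into the installed system.
%post --interpreter=/usr/bin/bash --log=/var/log/post.log
echo "### Begin of %post"

# Disable the EPEL repository if its repo file is present.
[ -f /etc/yum.repos.d/epel.repo ] && sed -i 's/^enabled=1$/enabled=0/' /etc/yum.repos.d/epel.repo

mkdir -p /usr/vice/etc/
echo mycell > /usr/vice/etc/ThisCell
systemctl enable openafs-client
# NOTE(review): %post runs in a chroot where systemd is presumably not the
# running init, so status/start are not expected to do anything useful here;
# "enable" above is what takes effect on first boot - confirm.
systemctl status openafs-client
systemctl start openafs-client

######### T3 facts
# Build an executable external fact: a script that echoes key=value lines.
# The values come from the kernel command line saved by %pre (see the
# %post --nochroot section) and the file is later executed by facter, so only
# [a-zA-Z0-9] is accepted in a value and nothing else is copied into it.
mkdir -p /etc/facter/facts.d
cat << 'EOF' > /etc/facter/facts.d/psi
#!/bin/bash
EOF
# Changes against the original commands:
#  - the pattern is quoted, so the shell cannot glob-expand it against files
#    in the working directory;
#  - the digit class is 0-9 (it was 1-9, which cut a value at its first "0");
#  - the key must start a parameter, so "set=" no longer matches inside a
#    longer name such as "offset=".
# awk's default field splitting drops the leading blank matched by the anchor.
for key in zone role set; do
  grep -E -o "(^|[[:space:]])${key}=[a-zA-Z0-9]*" /var/log/pre.log | awk '{ print "echo "$1 }'
done >> /etc/facter/facts.d/psi
# Executable for everyone, writable by no one.
chmod ugo+x,ugo-w /etc/facter/facts.d/psi

#####################
# CIS page 53 https://benchmarks.cisecurity.org/downloads/form/index.cfm?download=rhel7.100
# Boot into multi-user.target (no graphical target).
# NOTE(review): this rewrites a symlink under /usr/lib, which a systemd package
# update may restore; "systemctl set-default multi-user.target" records the
# choice under /etc instead - consider switching.
cd /usr/lib/systemd/system/ && rm -f default.target && ln -s multi-user.target default.target && cd -

systemctl enable ntpd
systemctl restart ntpd

# Make requests to load these filesystem and network-protocol modules run
# /bin/true instead, so the modules are never loaded on demand.
cat << EOF > /etc/modprobe.d/CIS.conf
install cramfs /bin/true
install freevxfs /bin/true
install jffs2 /bin/true
install hfs /bin/true
install hfsplus /bin/true
install squashfs /bin/true
install udf /bin/true
install dccp /bin/true
install sctp /bin/true
install rds /bin/true
install tipc /bin/true
EOF

yum install puppet -y
# Apply all available updates before the first boot.
yum -y update

echo "### End of %post"
%end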