Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <%#
- kind: provision
- name: Kickstart default
- model: ProvisioningTemplate
- oses:
- - CentOS
- - Fedora
- - RedHat
- %>
- <%#
- This template accepts the following parameters:
- - lang: string (default="en_US.UTF-8")
- - selinux-mode: string (default="enforcing")
- - keyboard: string (default="us")
- - time-zone: string (default="UTC")
- - http-proxy: string (default="")
- - http-proxy-port: string (default="")
- - force-puppet: boolean (default=false)
- - enable-epel: boolean (default=true)
- - enable-puppetlabs-repo: boolean (default=false)
- - enable-puppetlabs-pc1-repo: boolean (default=false)
- - enable-puppetlabs-puppet5-repo: boolean (default=false)
- - salt_master: string (default=undef)
- - ntp-server: string (default="0.fedora.pool.ntp.org")
- - bootloader-append: string (default="nofb quiet splash=quiet")
- - disable-firewall: boolean (default=false)
- - package_upgrade: boolean (default=true)
- - disable-uek: boolean (default=false)
- - use-ntp: boolean (default depends on OS release)
- - fips_enabled: boolean (default=false)
- %>
- <%
- rhel_compatible = @host.operatingsystem.family == 'Redhat' && @host.operatingsystem.name != 'Fedora'
- is_fedora = @host.operatingsystem.name == 'Fedora'
- os_major = @host.operatingsystem.major.to_i
- os_minor = @host.operatingsystem.minor.to_i
- realm_compatible = (@host.operatingsystem.name == 'Fedora' && os_major >= 20) || (rhel_compatible && os_major >= 7)
- # safemode renderer does not support unary negation
- pm_set = @host.puppetmaster.empty? ? false : true
- proxy_uri = host_param('http-proxy') ? "http://#{host_param('http-proxy')}:#{host_param('http-proxy-port')}" : nil
- proxy_string = proxy_uri ? " --proxy=#{proxy_uri}" : ''
- puppet_enabled = pm_set || host_param_true?('force-puppet')
- salt_enabled = host_param('salt_master') ? true : false
- chef_enabled = @host.respond_to?(:chef_proxy) && @host.chef_proxy
- section_end = (rhel_compatible && os_major <= 5) ? '' : '%end'
- use_ntp = host_param_true?('use-ntp') || (is_fedora && os_major < 16) || (rhel_compatible && os_major <= 7)
- %>
- <% if (is_fedora && os_major < 29) || (rhel_compatible && os_major <= 7) -%>
- install
- <% end -%>
- <%
- if host_param('kickstart_liveimg')
- img_name = host_param('kickstart_liveimg')
- liveimg_url = if host_param('kt_activation_keys')
- repository_url(img_name, 'isos')
- else
- if img_name.match(%r|^([\w\-\+]+)://|)
- img_name
- else
- "#{@host.operatingsystem.medium_uri(@host)}/#{img_name}"
- end
- end
- %>
- liveimg --url=<%= liveimg_url %> <%= proxy_string %>
- <% else %>
- <%= @mediapath %><%= proxy_string %>
- <% @additional_media.each do |medium| -%>
- repo --name <%= medium[:name] %> --baseurl <%= medium[:url] %> <%= medium[:install] ? ' --install' : '' %><%= proxy_string %>
- <% end -%>
- <% end %>
- lang <%= host_param('lang') || 'en_US.UTF-8' %>
- selinux --<%= host_param('selinux-mode') || host_param('selinux') || 'enforcing' %>
- keyboard <%= host_param('keyboard') || 'us' %>
- skipx
- <% subnet = @host.subnet -%>
- <% if subnet.respond_to?(:dhcp_boot_mode?) -%>
- <% dhcp = subnet.dhcp_boot_mode? && !@static -%>
- <% else -%>
- <% dhcp = !@static -%>
- <% end -%>
- network --bootproto <%= dhcp ? 'dhcp' : "static --ip=#{@host.ip} --netmask=#{subnet.mask} --gateway=#{subnet.gateway} --nameserver=#{[subnet.dns_primary, subnet.dns_secondary].select{ |item| item.present? }.join(',')} --mtu=#{subnet.mtu.to_s}" %> --hostname <%= @host %><%= os_major >= 6 ? " --device=#{@host.mac}" : '' -%>
- rootpw --iscrypted <%= root_pass %>
- <% if host_param_true?('disable-firewall') -%>
- firewall --disable
- <% else -%>
- firewall --<%= os_major >= 6 ? 'service=' : '' %>ssh
- <% end -%>
- <% if (is_fedora && os_major >= 28) || (rhel_compatible && os_major > 7) -%>
- authselect --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart
- <% else -%>
- authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart
- <% end -%>
- <% if use_ntp -%>
- timezone --utc <%= host_param('time-zone') || 'UTC' %>
- <% else -%>
- timezone --utc <%= host_param('time-zone') || 'UTC' %> <%= host_param('ntp-server') ? "--ntpservers #{host_param('ntp-server')}" : '' %>
- <% end -%>
- <% if rhel_compatible -%>
- services --disabled gpm,sendmail,cups,pcmcia,isdn,rawdevices,hpoj,bluetooth,openibd,avahi-daemon,avahi-dnsconfd,hidd,hplip,pcscd
- <% end -%>
- <% if realm_compatible && host_enc['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'Active Directory' -%>
- # One-time password will be requested at install time. Otherwise, $HOST[OTP] is used as a placeholder value.
- realm join --one-time-password='<%= @host.otp || "$HOST[OTP]" %>' <%= @host.realm %>
- <% end -%>
- <% if @host.operatingsystem.name == 'Fedora' -%>
- repo --name=fedora-everything --mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-<%= @host.operatingsystem.major %>&arch=<%= @host.architecture %><%= proxy_string %>
- <% end -%>
- <% if @host.operatingsystem.name == 'OracleLinux' && os_major == 7 && os_minor < 5 -%>
- repo --name="Server-Mysql"
- <% end -%>
- <% if @host.operatingsystem.name == 'Fedora' && os_major <= 16 -%>
- # Bootloader exception for Fedora 16:
- bootloader --append="<%= host_param('bootloader-append') || 'nofb quiet splash=quiet' %> <%= ks_console %>" <%= @grub_pass %>
- part biosboot --fstype=biosboot --size=1
- <% else -%>
- bootloader --location=mbr --append="<%= host_param('bootloader-append') || 'nofb quiet splash=quiet' %>" <%= @grub_pass %>
- <% if os_major == 5 -%>
- key --skip
- <% end -%>
- <% end -%>
- <% if @dynamic -%>
- %include /tmp/diskpart.cfg
- <% else -%>
- <%= @host.diskLayout %>
- <% end -%>
- text
- <% if @host.respond_to?(:bootdisk_build?) && @host.bootdisk_build? %>
- reboot --eject
- <% else -%>
- reboot
- <% end -%>
- %packages
- <%= snippet_if_exists(template_name + " custom packages") %>
- yum
- dhclient
- <% if use_ntp -%>
- ntp
- <% else -%>
- chrony
- <% end -%>
- wget
- @Core
- <% if os_major >= 6 -%>
- redhat-lsb-core
- <% end -%>
- <% if host_param_true?('fips_enabled') -%>
- <%= snippet 'fips_packages' %>
- <% end -%>
- <% if salt_enabled %>
- salt-minion
- <% end -%>
- <%= section_end -%>
- <% if @dynamic -%>
- %pre
- <%= snippet_if_exists(template_name + " custom pre") %>
- <%= @host.diskLayout %>
- <%= section_end -%>
- <% end -%>
- %post --nochroot
- exec < /dev/tty3 > /dev/tty3
- #changing to VT 3 so that we can see whats going on....
- /usr/bin/chvt 3
- (
- cp -va /etc/resolv.conf /mnt/sysimage/etc/resolv.conf
- /usr/bin/chvt 1
- ) 2>&1 | tee /mnt/sysimage/root/install.postnochroot.log
- <%= section_end -%>
- <%#
- Main post script, if it fails the last post is still executed.
- %>
- %post --log=/mnt/sysimage/root/install.post.log
- logger "Starting anaconda <%= @host %> postinstall"
- exec < /dev/tty3 > /dev/tty3
- #changing to VT 3 so that we can see whats going on....
- /usr/bin/chvt 3
- <%= snippet_if_exists(template_name + " custom post") %>
- <% if subnet.respond_to?(:dhcp_boot_mode?) || @host.subnet6.respond_to?(:dhcp_boot_mode?) -%>
- <%= snippet 'kickstart_networking_setup' %>
- <% end -%>
- echo "Updating system time"
- <% if use_ntp -%>
- /usr/sbin/ntpdate -sub <%= host_param('ntp-server') || '0.fedora.pool.ntp.org' %>
- <% else -%>
- /usr/bin/chronyc makestep
- <% end -%>
- /usr/sbin/hwclock --systohc
- <% if proxy_uri -%>
- # Yum proxy
- echo 'proxy = <%= proxy_uri %>' >> /etc/yum.conf
- <% end -%>
- <% if rhel_compatible && !host_param_false?('enable-epel') -%>
- <%= snippet 'epel' -%>
- <% end -%>
- <%= snippet 'redhat_register' %>
- <% if host_enc['parameters']['realm'] && @host.realm && (@host.realm.realm_type == 'FreeIPA' || @host.realm.realm_type == 'Red Hat Identity Management') -%>
- <%= snippet 'freeipa_register' %>
- <% end -%>
- <% unless host_param_false?('package_upgrade') -%>
- # update all the base packages from the updates repository
- if [ -f /usr/bin/dnf ]; then
- dnf -y update
- else
- yum -t -y update
- fi
- <% end -%>
- <%= snippet('remote_execution_ssh_keys') %>
- <%= snippet "blacklist_kernel_modules" %>
- <% if chef_enabled %>
- <%= snippet 'chef_client' %>
- <% end -%>
- <% if puppet_enabled %>
- <% if host_param_true?('enable-puppetlabs-pc1-repo') || host_param_true?('enable-puppetlabs-repo') || host_param_true?('enable-puppetlabs-puppet5-repo') -%>
- <%= snippet 'puppetlabs_repo' %>
- <% end -%>
- <%= snippet 'puppet_setup' %>
- <% end -%>
- <% if salt_enabled %>
- <%= snippet 'saltstack_setup' %>
- <% end -%>
- <% if @host.operatingsystem.name == 'OracleLinux' && host_param_true?('disable-uek') -%>
- # Uninstall the Oracle Unbreakable Kernel packages
- yum -t -y remove kernel-uek*
- sed -e 's/DEFAULTKERNEL=kernel-uek/DEFAULTKERNEL=kernel/g' -i /etc/sysconfig/kernel
- <% end -%>
- <%= snippet('ansible_provisioning_callback') %>
- <%= snippet 'efibootmgr_netboot' %>
- touch /tmp/foreman_built
- <%= section_end -%>
- <%#
- The last post section halts Anaconda to prevent endless loop
- %>
- <% if (is_fedora && os_major < 20) || (rhel_compatible && os_major < 7) -%>
- %post
- <%= snippet('create_users') %>
- <% else -%>
- %post --erroronfail
- <% end -%>
- if test -f /tmp/foreman_built; then
- echo "calling home: build is done!"
- <%= indent(2, skip1: true) { snippet('built', :variables => { :endpoint => 'built', :method => 'POST', :body_file => '/mnt/sysimage/root/install.post.log' }) } -%>
- else
- echo "calling home: build failed!"
- <%= indent(2, skip1: true) { snippet('built', :variables => { :endpoint => 'failed', :method => 'POST', :body_file => '/mnt/sysimage/root/install.post.log' }) } -%>
- fi
- sync
- <%= section_end -%>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement