SHARE
TWEET

Untitled

a guest Feb 18th, 2020 82 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <%#
  2. kind: provision
  3. name: Kickstart default
  4. model: ProvisioningTemplate
  5. oses:
  6. - CentOS
  7. - Fedora
  8. - RedHat
  9. %>
  10. <%#
  11. This template accepts the following parameters:
  12. - lang: string (default="en_US.UTF-8")
  13. - selinux-mode: string (default="enforcing")
  14. - keyboard: string (default="us")
  15. - time-zone: string (default="UTC")
  16. - http-proxy: string (default="")
  17. - http-proxy-port: string (default="")
  18. - force-puppet: boolean (default=false)
  19. - enable-epel: boolean (default=true)
  20. - enable-puppetlabs-repo: boolean (default=false)
  21. - enable-puppetlabs-pc1-repo: boolean (default=false)
  22. - enable-puppetlabs-puppet5-repo: boolean (default=false)
  23. - salt_master: string (default=undef)
  24. - ntp-server: string (default="0.fedora.pool.ntp.org")
  25. - bootloader-append: string (default="nofb quiet splash=quiet")
  26. - disable-firewall: boolean (default=false)
  27. - package_upgrade: boolean (default=true)
  28. - disable-uek: boolean (default=false)
  29. - use-ntp: boolean (default depends on OS release)
  30. - fips_enabled: boolean (default=false)
  31. %>
  32. <%
  33.   rhel_compatible = @host.operatingsystem.family == 'Redhat' && @host.operatingsystem.name != 'Fedora'
  34.   is_fedora = @host.operatingsystem.name == 'Fedora'
  35.   os_major = @host.operatingsystem.major.to_i
  36.   os_minor = @host.operatingsystem.minor.to_i
  37.   realm_compatible = (@host.operatingsystem.name == 'Fedora' && os_major >= 20) || (rhel_compatible && os_major >= 7)
  38.   # safemode renderer does not support unary negation
  39.   pm_set = @host.puppetmaster.empty? ? false : true
  40.   proxy_uri = host_param('http-proxy') ? "http://#{host_param('http-proxy')}:#{host_param('http-proxy-port')}" : nil
  41.   proxy_string = proxy_uri ? " --proxy=#{proxy_uri}" : ''
  42.   puppet_enabled = pm_set || host_param_true?('force-puppet')
  43.   salt_enabled = host_param('salt_master') ? true : false
  44.   chef_enabled = @host.respond_to?(:chef_proxy) && @host.chef_proxy
  45.   section_end = (rhel_compatible && os_major <= 5) ? '' : '%end'
  46.   use_ntp = host_param_true?('use-ntp') || (is_fedora && os_major < 16) || (rhel_compatible && os_major <= 7)
  47. %>
  48. <% if (is_fedora && os_major < 29) || (rhel_compatible && os_major <= 7) -%>
  49. install
  50. <% end -%>
  51. <%
  52. if host_param('kickstart_liveimg')
  53.   img_name = host_param('kickstart_liveimg')
  54.   liveimg_url = if host_param('kt_activation_keys')
  55.     repository_url(img_name, 'isos')
  56.   else
  57.     if img_name.match(%r|^([\w\-\+]+)://|)
  58.       img_name
  59.     else
  60.       "#{@host.operatingsystem.medium_uri(@host)}/#{img_name}"
  61.     end
  62.   end
  63. %>
  64. liveimg --url=<%= liveimg_url %> <%= proxy_string %>
  65. <% else %>
  66. <%= @mediapath %><%= proxy_string %>
  67. <% @additional_media.each do |medium| -%>
  68. repo --name <%= medium[:name] %> --baseurl <%= medium[:url] %> <%= medium[:install] ? ' --install' : '' %><%= proxy_string %>
  69. <% end -%>
  70. <% end %>
  71. lang <%= host_param('lang') || 'en_US.UTF-8' %>
  72. selinux --<%= host_param('selinux-mode') || host_param('selinux') || 'enforcing' %>
  73. keyboard <%= host_param('keyboard') || 'us' %>
  74. skipx
  75.  
  76. <% subnet = @host.subnet -%>
  77. <% if subnet.respond_to?(:dhcp_boot_mode?) -%>
  78. <% dhcp = subnet.dhcp_boot_mode? && !@static -%>
  79. <% else -%>
  80. <% dhcp = !@static -%>
  81. <% end -%>
  82.  
  83. network --bootproto <%= dhcp ? 'dhcp' : "static --ip=#{@host.ip} --netmask=#{subnet.mask} --gateway=#{subnet.gateway} --nameserver=#{[subnet.dns_primary, subnet.dns_secondary].select{ |item| item.present? }.join(',')} --mtu=#{subnet.mtu.to_s}" %> --hostname <%= @host %><%= os_major >= 6 ? " --device=#{@host.mac}" : '' -%>
  84.  
  85. rootpw --iscrypted <%= root_pass %>
  86. <% if host_param_true?('disable-firewall') -%>
  87. firewall --disable
  88. <% else -%>
  89. firewall --<%= os_major >= 6 ? 'service=' : '' %>ssh
  90. <% end -%>
  91. <% if (is_fedora && os_major >= 28) || (rhel_compatible && os_major > 7) -%>
  92. authselect --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart
  93. <% else -%>
  94. authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart
  95. <% end -%>
  96. <% if use_ntp -%>
  97. timezone --utc <%= host_param('time-zone') || 'UTC' %>
  98. <% else -%>
  99. timezone --utc <%= host_param('time-zone') || 'UTC' %> <%= host_param('ntp-server') ? "--ntpservers #{host_param('ntp-server')}" : '' %>
  100. <% end -%>
  101.  
  102. <% if rhel_compatible -%>
  103. services --disabled gpm,sendmail,cups,pcmcia,isdn,rawdevices,hpoj,bluetooth,openibd,avahi-daemon,avahi-dnsconfd,hidd,hplip,pcscd
  104. <% end -%>
  105.  
  106. <% if realm_compatible && host_enc['parameters']['realm'] && @host.realm && @host.realm.realm_type == 'Active Directory' -%>
  107. # One-time password will be requested at install time. Otherwise, $HOST[OTP] is used as a placeholder value.
  108. realm join --one-time-password='<%= @host.otp || "$HOST[OTP]" %>' <%= @host.realm %>
  109. <% end -%>
  110.  
  111. <% if @host.operatingsystem.name == 'Fedora' -%>
  112. repo --name=fedora-everything --mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-<%= @host.operatingsystem.major %>&arch=<%= @host.architecture %><%= proxy_string %>
  113. <% end -%>
  114.  
  115. <% if @host.operatingsystem.name == 'OracleLinux' && os_major == 7 && os_minor < 5 -%>
  116. repo --name="Server-Mysql"
  117. <% end -%>
  118.  
  119. <% if @host.operatingsystem.name == 'Fedora' && os_major <= 16 -%>
  120. # Bootloader exception for Fedora 16:
  121. bootloader --append="<%= host_param('bootloader-append') || 'nofb quiet splash=quiet' %> <%= ks_console %>" <%= @grub_pass %>
  122. part biosboot --fstype=biosboot --size=1
  123. <% else -%>
  124. bootloader --location=mbr --append="<%= host_param('bootloader-append') || 'nofb quiet splash=quiet' %>" <%= @grub_pass %>
  125. <% if os_major == 5 -%>
  126. key --skip
  127. <% end -%>
  128. <% end -%>
  129.  
  130. <% if @dynamic -%>
  131. %include /tmp/diskpart.cfg
  132. <% else -%>
  133. <%= @host.diskLayout %>
  134. <% end -%>
  135.  
  136. text
  137. <% if @host.respond_to?(:bootdisk_build?) && @host.bootdisk_build? %>
  138. reboot --eject
  139. <% else -%>
  140. reboot
  141. <% end -%>
  142.  
  143. %packages
  144. <%= snippet_if_exists(template_name + " custom packages") %>
  145. yum
  146. dhclient
  147. <% if use_ntp -%>
  148. ntp
  149. <% else -%>
  150. chrony
  151. <% end -%>
  152. wget
  153. @Core
  154. <% if os_major >= 6 -%>
  155. redhat-lsb-core
  156. <% end -%>
  157. <% if host_param_true?('fips_enabled') -%>
  158. <%=   snippet 'fips_packages' %>
  159. <% end -%>
  160.  
  161.  
  162. <% if salt_enabled %>
  163. salt-minion
  164. <% end -%>
  165. <%= section_end -%>
  166.  
  167. <% if @dynamic -%>
  168. %pre
  169. <%= snippet_if_exists(template_name + " custom pre") %>
  170. <%= @host.diskLayout %>
  171. <%= section_end -%>
  172. <% end -%>
  173.  
  174. %post --nochroot
  175. exec < /dev/tty3 > /dev/tty3
  176. #changing to VT 3 so that we can see whats going on....
  177. /usr/bin/chvt 3
  178. (
  179. cp -va /etc/resolv.conf /mnt/sysimage/etc/resolv.conf
  180. /usr/bin/chvt 1
  181. ) 2>&1 | tee /mnt/sysimage/root/install.postnochroot.log
  182. <%= section_end -%>
  183.  
  184. <%#
  185. Main post script, if it fails the last post is still executed.
  186. %>
  187. %post --log=/mnt/sysimage/root/install.post.log
  188. logger "Starting anaconda <%= @host %> postinstall"
  189. exec < /dev/tty3 > /dev/tty3
  190. #changing to VT 3 so that we can see whats going on....
  191. /usr/bin/chvt 3
  192. <%= snippet_if_exists(template_name + " custom post") %>
  193. <% if subnet.respond_to?(:dhcp_boot_mode?) || @host.subnet6.respond_to?(:dhcp_boot_mode?) -%>
  194. <%= snippet 'kickstart_networking_setup' %>
  195. <% end -%>
  196.  
  197. echo "Updating system time"
  198. <% if use_ntp -%>
  199. /usr/sbin/ntpdate -sub <%= host_param('ntp-server') || '0.fedora.pool.ntp.org' %>
  200. <% else -%>
  201. /usr/bin/chronyc makestep
  202. <% end -%>
  203. /usr/sbin/hwclock --systohc
  204.  
  205. <% if proxy_uri -%>
  206. # Yum proxy
  207. echo 'proxy = <%= proxy_uri %>' >> /etc/yum.conf
  208. <% end -%>
  209.  
  210. <% if rhel_compatible && !host_param_false?('enable-epel') -%>
  211. <%= snippet 'epel' -%>
  212. <% end -%>
  213.  
  214. <%= snippet 'redhat_register' %>
  215.  
  216. <% if host_enc['parameters']['realm'] && @host.realm && (@host.realm.realm_type == 'FreeIPA' || @host.realm.realm_type == 'Red Hat Identity Management') -%>
  217. <%= snippet 'freeipa_register' %>
  218. <% end -%>
  219.  
  220. <% unless host_param_false?('package_upgrade') -%>
  221. # update all the base packages from the updates repository
  222. if [ -f /usr/bin/dnf ]; then
  223.   dnf -y update
  224. else
  225.   yum -t -y update
  226. fi
  227. <% end -%>
  228.  
  229. <%= snippet('remote_execution_ssh_keys') %>
  230.  
  231. <%= snippet "blacklist_kernel_modules" %>
  232.  
  233. <% if chef_enabled %>
  234. <%= snippet 'chef_client' %>
  235. <% end -%>
  236.  
  237. <% if puppet_enabled %>
  238. <% if host_param_true?('enable-puppetlabs-pc1-repo') || host_param_true?('enable-puppetlabs-repo') || host_param_true?('enable-puppetlabs-puppet5-repo') -%>
  239. <%= snippet 'puppetlabs_repo' %>
  240. <% end -%>
  241. <%= snippet 'puppet_setup' %>
  242. <% end -%>
  243.  
  244. <% if salt_enabled %>
  245. <%= snippet 'saltstack_setup' %>
  246. <% end -%>
  247.  
  248. <% if @host.operatingsystem.name == 'OracleLinux' && host_param_true?('disable-uek') -%>
  249. # Uninstall the Oracle Unbreakable Kernel packages
  250. yum -t -y remove kernel-uek*
  251. sed -e 's/DEFAULTKERNEL=kernel-uek/DEFAULTKERNEL=kernel/g' -i /etc/sysconfig/kernel
  252. <% end -%>
  253.  
  254. <%= snippet('ansible_provisioning_callback') %>
  255.  
  256. <%= snippet 'efibootmgr_netboot' %>
  257.  
  258. touch /tmp/foreman_built
  259. <%= section_end -%>
  260.  
  261. <%#
  262. The last post section halts Anaconda to prevent endless loop
  263. %>
  264. <% if (is_fedora && os_major < 20) || (rhel_compatible && os_major < 7) -%>
  265. %post
  266. <%= snippet('create_users') %>
  267. <% else -%>
  268. %post --erroronfail
  269. <% end -%>
  270. if test -f /tmp/foreman_built; then
  271.   echo "calling home: build is done!"
  272.   <%= indent(2, skip1: true) { snippet('built', :variables => { :endpoint => 'built', :method => 'POST', :body_file => '/mnt/sysimage/root/install.post.log' }) } -%>
  273. else
  274.   echo "calling home: build failed!"
  275.   <%= indent(2, skip1: true) { snippet('built', :variables => { :endpoint => 'failed', :method => 'POST', :body_file => '/mnt/sysimage/root/install.post.log' }) } -%>
  276. fi
  277.  
  278. sync
  279. <%= section_end -%>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top