RVIRUS0817/kvm-cent7.cfg

## kvm-cent7.cfg
#version=RHEL7
# System authorization information
auth --enableshadow --passalgo=sha512

# Use network installation
url --url="http://xxx.xxx.xxx.xxx/os/7/os/x86_64/"
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=vda
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8
#text
autostep
reboot

# Network information
network  --bootproto=static --device=eth0 --gateway=xxx.xxx.xxx.xxx --ip=xxx.xxx.xxx.xxx --nameserver=8.8.8.8 --netmask=255.255.255.0 --noipv6 --activate
network  --hostname=cent7
# Root password
adachinpw --iscrypted $1$adachin$xxxxxxxxxxxxxxxxx/
# System timezone
timezone Asia/Tokyo --isUtc --ntpservers=ntp-b2.nict.go.jp,ntp-a2.nict.go.jp,ntp-b3.nict.go.jp,ntp-a3.nict.go.jp
# System bootloader configuration
bootloader --location=mbr --boot-drive=vda
# Partition clearing information
clearpart --drives=vda --all
# Disk partitioning information
part / --fstype="xfs" --ondisk=vda --grow --size=0
part swap --fstype="swap" --ondisk=vda --size=1024
part /boot --fstype="xfs" --ondisk=vda --size=500 --asprimary

%packages
@core
%end

%post
## add user ###
groupadd -g 601 adachingrp && \
adduser -m -d /home/adachin -g 601 -u 601 adachingrp && \
echo 'adachin:$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' | chpasswd -e

## add pub-keys ##
mkdir /home/adachin/.ssh
echo 'ssh-rsa xxxxxxxxxxxxxxxxxxx== adachin@localhost.localdomain' >> /home/adachin/.ssh/authorized_keys
chmod 600 /home/adachin/.ssh/authorized_keys
chmod 700 /home/adachin/.ssh
chown -R adachin.adachingrp /home/adachin/.ssh

## set sudo ##
echo 'adachin        ALL=(ALL)       ALL' > /etc/sudoers.d/00_base
chmod 0440 /etc/sudoers.d/00_base

## change sshd config ##
cp /etc/ssh/sshd_config /var/tmp/sshd_config_org
cat << EOF >> /etc/ssh/sshd_config
### change sshd settings #####
AddressFamily inet
UseDNS no
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile     .ssh/authorized_keys
EOF

sed -i -e "s/PasswordAuthentication\ yes/PasswordAuthentication\ no/g" /etc/ssh/sshd_config
/sbin/service sshd restart
%end
	#version=RHEL7
	# System authorization information
	auth --enableshadow --passalgo=sha512

	# Use network installation
	url --url="http://xxx.xxx.xxx.xxx/os/7/os/x86_64/"
	# Run the Setup Agent on first boot
	firstboot --enable
	ignoredisk --only-use=vda
	# Keyboard layouts
	keyboard --vckeymap=us --xlayouts='us'
	# System language
	lang en_US.UTF-8
	#text
	autostep
	reboot

	# Network information
	network --bootproto=static --device=eth0 --gateway=xxx.xxx.xxx.xxx --ip=xxx.xxx.xxx.xxx --nameserver=8.8.8.8 --netmask=255.255.255.0 --noipv6 --activate
	network --hostname=cent7
	# Root password
	adachinpw --iscrypted $1$adachin$xxxxxxxxxxxxxxxxx/
	# System timezone
	timezone Asia/Tokyo --isUtc --ntpservers=ntp-b2.nict.go.jp,ntp-a2.nict.go.jp,ntp-b3.nict.go.jp,ntp-a3.nict.go.jp
	# System bootloader configuration
	bootloader --location=mbr --boot-drive=vda
	# Partition clearing information
	clearpart --drives=vda --all
	# Disk partitioning information
	part / --fstype="xfs" --ondisk=vda --grow --size=0
	part swap --fstype="swap" --ondisk=vda --size=1024
	part /boot --fstype="xfs" --ondisk=vda --size=500 --asprimary

	%packages
	@core
	%end

	%post
	## add user ###
	groupadd -g 601 adachingrp && \
	adduser -m -d /home/adachin -g 601 -u 601 adachingrp && \
	echo 'adachin:$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \| chpasswd -e

	## add pub-keys ##
	mkdir /home/adachin/.ssh
	echo 'ssh-rsa xxxxxxxxxxxxxxxxxxx== adachin@localhost.localdomain' >> /home/adachin/.ssh/authorized_keys
	chmod 600 /home/adachin/.ssh/authorized_keys
	chmod 700 /home/adachin/.ssh
	chown -R adachin.adachingrp /home/adachin/.ssh

	## set sudo ##
	echo 'adachin ALL=(ALL) ALL' > /etc/sudoers.d/00_base
	chmod 0440 /etc/sudoers.d/00_base

	## change sshd config ##
	cp /etc/ssh/sshd_config /var/tmp/sshd_config_org
	cat << EOF >> /etc/ssh/sshd_config
	### change sshd settings #####
	AddressFamily inet
	UseDNS no
	PermitRootLogin no
	PubkeyAuthentication yes
	AuthorizedKeysFile .ssh/authorized_keys
	EOF

	sed -i -e "s/PasswordAuthentication\ yes/PasswordAuthentication\ no/g" /etc/ssh/sshd_config
	/sbin/service sshd restart
	%end