Last active
February 12, 2021 18:16
-
-
Save acidprime/3c673dfebd5a0b309cbc22095da348e7 to your computer and use it in GitHub Desktop.
Centos 7 Puppet Kickstart file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -x | |
| rm -rf ca | |
| rm -rf certs | |
| mkdir -p ca | |
| openssl genrsa -out ca/ca_key.pem 2048 | |
| openssl rsa -in ca/ca_key.pem -pubout -out ca/ca_pub.pem | |
| openssl req \ | |
| -x509 \ | |
| -new \ | |
| -nodes \ | |
| -key ca/ca_key.pem \ | |
| -sha256 \ | |
| -days 3000 \ | |
| -out ca/ca_crt.pem \ | |
| -config openssl.conf | |
| touch ca/inventory.txt | |
| echo "03" > ca/serial | |
| openssl ca \ | |
| -create_serial \ | |
| -config openssl.conf \ | |
| -crldays 1460 \ | |
| -gencrl \ | |
| -out ca/ca_crl.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -x | |
| yum install git -y | |
| yum update -y nss curl libcurl | |
| /opt/puppetlabs/puppet/bin/gem install r10k | |
| mkdir -p ~/.ssh | |
| ssh-keyscan github.com > ~/.ssh/known_hosts | |
| cp /etc/puppetlabs/puppet/ssl/id_rsa ~/.ssh/id_rsa | |
| /opt/puppetlabs/puppet/bin/r10k \ | |
| deploy environment \ | |
| -p \ | |
| -v debug2 \ | |
| --color \ | |
| -c /etc/puppetlabs/puppet/ssl/r10k.yaml | |
| /opt/puppetlabs/bin/puppet agent -t | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ default ] | |
| ca = root-ca | |
| [ ca ] | |
| default_ca = root_ca | |
| [ root_ca ] | |
| dir = /etc/puppetlabs/puppet/ssl/ca | |
| certs = $dir/certs | |
| serial = $dir/serial | |
| database = $dir/inventory.txt | |
| private_key = $dir/ca_key.pem | |
| certificate = $dir/ca_crt.pem | |
| crl = $dir/ca_crl.pem | |
| unique_subject = no | |
| default_md = sha1 | |
| default_days = 365 | |
| default_crl_days= 365 | |
| preserve = no | |
| [req] | |
| default_bits = 2048 | |
| prompt = no | |
| distinguished_name = req_distinguished_name | |
| req_extensions = req_ext | |
| [ req_distinguished_name ] | |
| CN = "Puppet CA: puppet.homeops.tech" | |
| [v3_req] | |
| # Extensions to add to a certificate request | |
| basicConstraints = CA:FALSE | |
| keyUsage = digitalSignature, keyEncipherment | |
| subjectAltName = @alt_names | |
| [ req_ext ] | |
| subjectAltName = @alt_names | |
| [alt_names] | |
| DNS.1 = puppet.homeops.tech | |
| DNS.2 = puppet |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CentOS 7.x kickstart file - puppet.cfg | |
| # Required settings | |
| lang en_US.UTF-8 | |
| keyboard us | |
| rootpw packer | |
| authconfig --enableshadow --enablemd5 | |
| timezone UTC | |
| # Optional settings | |
| install | |
| cdrom | |
| user --name=packer --plaintext --password packer | |
| services --disabled=NetworkManager --enabled=network,sshd | |
| unsupported_hardware | |
| network --bootproto=dhcp | |
| firewall --disabled | |
| selinux --permissive | |
| bootloader --location=mbr | |
| text | |
| skipx | |
| zerombr | |
| clearpart --all --initlabel | |
| autopart --type=lvm | |
| firstboot --disabled | |
| selinux --permissive | |
| reboot | |
| network --onboot yes --device ens33 \ | |
| --bootproto=static \ | |
| --ip=192.168.53.53 \ | |
| --netmask=255.255.255.0 \ | |
| --gateway=192.168.53.1 \ | |
| --nameserver=192.168.53.60 \ | |
| --nameserver=192.168.53.70 \ | |
| --noipv6 \ | |
| --hostname=puppet.homeops.tech | |
| %packages --nobase --ignoremissing --excludedocs | |
| # packer needs this to copy initial files via scp | |
| openssh-clients | |
| @base | |
| kernel-headers | |
| kernel-devel | |
| gcc | |
| make | |
| perl | |
| curl | |
| wget | |
| bzip2 | |
| dkms | |
| patch | |
| net-tools | |
| git | |
| sudo | |
| nfs-utils | |
| %end | |
| %post --log=/var/log/post-install.log | |
| # Disable 'consistent network device naming' and make things act more or less reasonable in a VM-oriented context. | |
| echo > /etc/udev/rules.d/70-persistent-net.rules | |
| echo > /etc/udev/rules.d/75-persistent-net-generator.rules | |
| sed -i'' -e '/UUID=/d' /etc/sysconfig/network-scripts/ifcfg-ens33 | |
| sed -i'' -e '/HWADDR=/d' /etc/sysconfig/network-scripts/ifcfg-ens33 | |
| sed -i'' -e '/DHCP_HOSTNAME=/d' /etc/sysconfig/network-scripts/ifcfg-ens33 | |
| sed -i'' -e 's/NM_CONTROLLED=.*/NM_CONTROLLED="no"/' /etc/sysconfig/network-scripts/ifcfg-ens33 | |
| echo "Setting up ifcfg-ens33" | |
| for nic in /etc/sysconfig/network-scripts/ifcfg-eth*; do sed -i /HWADDR/d $nic; done | |
| sed -i -e '/#UseDNS yes/a UseDNS no' /etc/ssh/sshd_config | |
| yum -y remove networkmanager | |
| # Configure Synology LDAP | |
| authconfig --kickstart --enableshadow --enablemd5 --enableldap --enableldapauth --ldapserver synology.homeops.tech --ldapbasedn dc=homeops,dc=tech | |
| # configure packer user in sudoers | |
| echo "%packer ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/packer | |
| chmod 0440 /etc/sudoers.d/packer | |
| cp /etc/sudoers /etc/sudoers.orig | |
| sed -i "s/^\(.*requiretty\)$/#\1/" /etc/sudoers | |
| # Configure Puppet | |
| mkdir -p /etc/puppetlabs/puppet/ssl | |
| echo '#!/bin/sh' > /etc/rc.d/rc.local | |
| chmod 0755 /etc/rc.d/rc.local | |
| echo 'mkdir -p /etc/puppetlabs/puppet/ssl' >> /etc/rc.d/rc.local | |
| echo 'mount -t nfs synology.homeops.tech:/volume1/ssl /etc/puppetlabs/puppet/ssl/' >> /etc/rc.d/rc.local | |
| echo 'yum clean all' >> /etc/rc.d/rc.local | |
| echo 'yum update' >> /etc/rc.d/rc.local | |
| echo '!!!!!Replace with your ca.sh!!!!!'>> /etc/rc.d/rc.local | |
| echo '!!!!!Replace with your puppetserver.sh!!!!!'>> /etc/rc.d/rc.local | |
| echo '!!!!!Replace with your code.sh!!!!!'>> /etc/rc.d/rc.local | |
| echo '/usr/bin/rm -rf /etc/rc.d/rc.local' >> /etc/rc.d/rc.local | |
| %end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "_comment": "Build with `ESXI_PASSWORD=foo packer build puppet.json`", | |
| "variables": { | |
| "esxi_password": "" | |
| }, | |
| "builders": [ | |
| { | |
| "vm_name": "puppet.homeops.tech", | |
| "type": "vmware-iso", | |
| "iso_url": "http://ftp.iij.ad.jp/pub/linux/centos-vault/7.2.1511/isos/x86_64/CentOS-7-x86_64-DVD-1511.iso", | |
| "iso_checksum": "4c6c65b5a70a1142dadb3c65238e9e97253c0d3a", | |
| "iso_checksum_type": "sha1", | |
| "ssh_username": "packer", | |
| "ssh_password": "packer", | |
| "ssh_wait_timeout": "10m", | |
| "disk_size": "100000", | |
| "tools_upload_flavor": "linux", | |
| "guest_os_type": "centos-64", | |
| "remote_type": "esx5", | |
| "remote_username": "root", | |
| "remote_password": "", | |
| "remote_datastore": "synology.homeops.tech", | |
| "remote_cache_datastore": "datastore1", | |
| "remote_host": "esxi.homeops.tech", | |
| "ssh_wait_timeout": "1000s", | |
| "keep_registered": true, | |
| "headless": "false", | |
| "shutdown_command": "sudo /sbin/halt -p", | |
| "floppy_files": [ | |
| "floppy/puppet.cfg" | |
| ], | |
| "boot_command": [ | |
| "<tab> inst.text inst.ks=hd:fd0:/puppet.cfg <enter><wait>" | |
| ], | |
| "vmx_data": { | |
| "ethernet0.networkName": "VM Net", | |
| "config.version": 8, | |
| "virtualHW.version": 8, | |
| "ethernet0.present": "TRUE", | |
| "ethernet0.virtualDev": "e1000", | |
| "ethernet0.startConnected": "TRUE", | |
| "ethernet0.addressType": "generated", | |
| "ethernet0.generatedAddressOffset": "0", | |
| "ethernet0.wakeOnPcktRcv": "FALSE", | |
| "memsize": "3096", | |
| "cpuid.coresPerSocket": "1", | |
| "numvcpus": "4", | |
| "vhv.enable": "TRUE", | |
| "RemoteDisplay.vnc.enabled": "TRUE", | |
| "RemoteDisplay.vnc.port": "5900" | |
| } | |
| } | |
| ] | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -x | |
| wget https://yum.puppet.com/puppet6-release-el-7.noarch.rpm | |
| rpm -Uvh puppet6-release-el-7.noarch.rpm | |
| yum install puppet -y | |
| yum install puppetserver -y | |
| puppetserver ca setup | |
| systemctl start puppetserver | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment