ak2196/ami.ks

## ami.ks
# Lorax Composer AMI output kickstart template

# Firewall configuration
firewall --disabled

# NOTE: The root account is locked by default
# Network information
network  --bootproto=dhcp --onboot=on --activate
# NOTE: keyboard and lang can be replaced by blueprint customizations.locale settings
# System keyboard
keyboard --xlayouts=us --vckeymap=us
# System language
lang en_US.UTF-8
# SELinux configuration
selinux --enforcing
# Installation logging level
logging --level=info
# Shutdown after installation
shutdown
# System timezone
#timezone  US/Eastern
timezone  UTC
# System bootloader configuration
bootloader --location=mbr --append="no_timer_check console=ttyS0,115200n8 console=tty1 biosdevname=0 net.ifnames=0 transparent_hugepage=never nvme_core.io_timeout=4294967295 psi=1"
# Add platform specific partitions
#reqpart --add-boot

# Basic services
services --enabled=sshd,chronyd,cloud-init

%post
# Remove random-seed
rm /var/lib/systemd/random-seed

# Clear /etc/machine-id
rm /etc/machine-id
touch /etc/machine-id

# tell cloud-init to create the ec2-user account
#sed -i 's/cloud-user/ec2-user/' /etc/cloud/cloud.cfg

# Remove the rescue kernel and image to save space
rm -f /boot/*-rescue*


sed -i -e 's/^#PermitRootLogin.*/PermitRootLogin without-password/' \
       -e 's/^#UseDNS.*/UseDNS no/' \
       -e 's/^PasswordAuthentication.*/PasswordAuthentication no/' \
       /etc/ssh/sshd_config

sed -i -e '1 i\preserve_hostname: true\n' \
       -e '/^users:$/,+2d' \
       -e 's/^disable_root: 1$/disable_root: 0/' \
       -e '/default_user/,+6d' /etc/cloud/cloud.cfg

echo 'net.ipv4.tcp_fastopen = 3' >> /etc/sysctl.d/99-custom-base.conf

%end

%packages
kernel
selinux-policy-targeted

chrony

cloud-init

cloud-utils-growpart
ec2-utils
ec2-net-utils

# NOTE lorax-composer will add the blueprint packages below here, including the final %end
	# Lorax Composer AMI output kickstart template

	# Firewall configuration
	firewall --disabled

	# NOTE: The root account is locked by default
	# Network information
	network --bootproto=dhcp --onboot=on --activate
	# NOTE: keyboard and lang can be replaced by blueprint customizations.locale settings
	# System keyboard
	keyboard --xlayouts=us --vckeymap=us
	# System language
	lang en_US.UTF-8
	# SELinux configuration
	selinux --enforcing
	# Installation logging level
	logging --level=info
	# Shutdown after installation
	shutdown
	# System timezone
	#timezone US/Eastern
	timezone UTC
	# System bootloader configuration
	bootloader --location=mbr --append="no_timer_check console=ttyS0,115200n8 console=tty1 biosdevname=0 net.ifnames=0 transparent_hugepage=never nvme_core.io_timeout=4294967295 psi=1"
	# Add platform specific partitions
	#reqpart --add-boot

	# Basic services
	services --enabled=sshd,chronyd,cloud-init

	%post
	# Remove random-seed
	rm /var/lib/systemd/random-seed

	# Clear /etc/machine-id
	rm /etc/machine-id
	touch /etc/machine-id

	# tell cloud-init to create the ec2-user account
	#sed -i 's/cloud-user/ec2-user/' /etc/cloud/cloud.cfg

	# Remove the rescue kernel and image to save space
	rm -f /boot/-rescue


	sed -i -e 's/^#PermitRootLogin.*/PermitRootLogin without-password/' \
	-e 's/^#UseDNS.*/UseDNS no/' \
	-e 's/^PasswordAuthentication.*/PasswordAuthentication no/' \
	/etc/ssh/sshd_config

	sed -i -e '1 i\preserve_hostname: true\n' \
	-e '/^users:$/,+2d' \
	-e 's/^disable_root: 1$/disable_root: 0/' \
	-e '/default_user/,+6d' /etc/cloud/cloud.cfg

	echo 'net.ipv4.tcp_fastopen = 3' >> /etc/sysctl.d/99-custom-base.conf

	%end

	%packages
	kernel
	selinux-policy-targeted

	chrony

	cloud-init

	cloud-utils-growpart
	ec2-utils
	ec2-net-utils

	# NOTE lorax-composer will add the blueprint packages below here, including the final %end