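# Kickstart command section: unattended, text-mode install of a CentOS 6
# guest image on a single 15 GiB ext4 root partition. The machine powers off
# when the installation (including %post) has finished.
skipx
text
install
# Firewall configuration: firewall on, inbound SSH is the only service opened
firewall --enabled --service=ssh
# NOTE(review): every repository below is fetched over plain HTTP. Confirm
# that package signatures are verified for these repos during installation;
# if that cannot be confirmed, point the install at an HTTPS or internal
# mirror you control, because the image inherits whatever these URLs serve.
repo --name="repo0" --baseurl=http://mirror.web24.net.au/centos/6/os/x86_64
repo --name="repo1" --baseurl=http://mirror.web24.net.au/centos/6/updates/x86_64
repo --name="repo2" --baseurl=http://mirror.web24.net.au/epel/6/x86_64/
repo --name="repo3" --baseurl=http://repos.fedorapeople.org/repos/openstack/cloud-init/epel-6
repo --name="repo4" --baseurl=http://yum.puppetlabs.com/el/6/products/x86_64
repo --name="repo5" --baseurl=http://yum.puppetlabs.com/el/6/dependencies/x86_64
# Root password
# NOTE(review): this is an MD5-crypt ($1$) hash stored in the file itself.
# The account is created locked (--lock) and %post deletes and re-locks the
# password, so it is never usable for login; still, treat the underlying
# password as disclosed and do not reuse it anywhere.
rootpw --iscrypted --lock $1$2e74e5$wMj25e4rEb4rJxqm7BAnk0
# System authorization information
# Shadow passwords, hashed with SHA-512 rather than MD5, so any password set
# on an instance later is not stored as a weak MD5-crypt hash.
auth --useshadow --passalgo=sha512
# System keyboard
keyboard us
# System language
lang en_US.UTF-8
# SELinux configuration
selinux --enforcing
# Installation logging level
logging --level=info
# System services
services --disabled="avahi-daemon,iscsi,iscsid,firstboot,kdump" --enabled="network,sshd,rsyslog,tuned"
# System timezone
timezone Australia/Melbourne
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on
# System bootloader configuration: serial console first, then the VGA console
bootloader --append="console=ttyS0,115200n8 console=tty0 clocksource_failover=acpi_pm" --location=mbr --timeout=1
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all
# Disk partitioning information: one 15360 MiB ext4 root, no separate swap
part / --fstype="ext4" --size=15360
# halt the machine once everything is done
poweroff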
# Package selection. --nobase skips the @base group, so everything the image
# needs is listed explicitly below.
%packages --nobase
# Repository release packages
epel-release
puppetlabs-release
# Core system, listed alphabetically
# NOTE(review): sendmail and nfs-utils may install additional daemons; confirm
# both are needed in the image and that nothing beyond sshd is left listening.
acpid
attr
audit
authconfig
basesystem
bash
cloud-init
coreutils
cpio
cronie
device-mapper
dhclient
dracut
e2fsprogs
efibootmgr
filesystem
glibc
grub
heat-cfntools
initscripts
iproute
iptables
iptables-ipv6
iputils
kbd
kernel
kpartx
ncurses
net-tools
nfs-utils
openssh-clients
openssh-server
parted
passwd
policycoreutils
procps
rootfiles
rpm
rsync
rsyslog
selinux-policy
selinux-policy-targeted
sendmail
setup
shadow-utils
sudo
syslinux
tar
tuned
util-linux-ng
vim-minimal
yum
yum-metadata-parser
# User Specific
tmux
ovirt-guest-agent
puppet
nano
screen
ntp
ntpdate
man
curl
wget
# Explicit exclusions (a leading "-" removes the package from the selection)
-*-firmware
-NetworkManager
-b43-openfwwf
-biosdevname
-fprintd
-fprintd-pam
-gtk2
-libfprint
-mcelog
-plymouth
-redhat-support-tool
-system-config-*
-wireless-tools
%end
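# post stuff, here's where we do all the customisation
# The commands below edit the installed system's configuration, build a
# one-shot initramfs that grows the root partition, and finally strip
# host-specific state (SSH host keys, NIC bindings, logs) from the image.
%post
# make sure firstboot doesn't start
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot

# At every boot, create /root/.ssh with mode 0700 and the default SELinux
# label if it does not exist yet. The delimiter is quoted so the text is
# written literally, with no expansion at install time.
cat <<'EOL' >> /etc/rc.local
if [ ! -d /root/.ssh ] ; then
mkdir -p /root/.ssh
chmod 0700 /root/.ssh
restorecon /root/.ssh
fi
EOL

# sshd: no reverse DNS lookups; root may log in with a key but never with a
# password. sshd keeps the first value it reads for a keyword, so these
# appended lines only take effect while the keyword is not set earlier in
# the file.
# NOTE(review): "without-password" still allows root over SSH with a key;
# consider "PermitRootLogin no" if cloud-user plus sudo is sufficient.
cat <<'EOL' >> /etc/ssh/sshd_config
UseDNS no
PermitRootLogin without-password
EOL

# bz705572
ln -s /boot/grub/grub.conf /etc/grub.conf

# bz688608
# turn off SSH password authentication if the stock config enables it
sed -i 's|\(^PasswordAuthentication \)yes|\1no|' /etc/ssh/sshd_config

# allow sudo powers to cloud-user
# NOPASSWD: ALL makes any process running as cloud-user equivalent to root;
# that is the usual cloud-image trade-off, but it means the account's SSH
# keys are the only barrier. printf replaces "echo -e" so the tabs do not
# depend on echo's escape handling, and the result is syntax-checked because
# a broken sudoers file disables sudo altogether.
printf 'cloud-user\tALL=(ALL)\tNOPASSWD: ALL\n' >> /etc/sudoers
visudo -cf /etc/sudoers || echo "WARNING: /etc/sudoers failed validation" >&2

# bz983611
echo "NOZEROCONF=yes" >> /etc/sysconfig/network

# set virtual-guest as default profile for tuned
echo "virtual-guest" > /etc/tune-profiles/active-profile

#bz 1011013
# set eth0 to recover from dhcp errors
# let ovirt decide bootproto
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<'EOF'
DEVICE="eth0"
#BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
EOF

#bz912801
# prevent udev rules from remapping nics
touch /etc/udev/rules.d/75-persistent-net-generator.rules

#setup getty on ttyS0
# Listing ttyS0 in securetty permits root logins on the serial console; root's
# password is locked below, so this only matters if a password is set later.
echo "ttyS0" >> /etc/securetty
cat <<'EOF' > /etc/init/ttyS0.conf
start on stopped rc RUNLEVEL=[2345]
stop on starting runlevel [016]
respawn
instance /dev/ttyS0
exec /sbin/agetty /dev/ttyS0 115200 vt100-nav
EOF

# lock root password
# -d clears the hash set by the rootpw directive, -l then locks the account
passwd -d root
passwd -l root

# cloud-init is not able to expand the partition to match the new vdisk size, we need to work around it from the initramfs, before the filesystem gets mounted
# to accomplish this we need to generate a custom initrd
#
# The generated hook deletes partition 1 of /dev/vda and recreates it starting
# at sector 2048. The empty line after 2048 answers fdisk's "last sector"
# prompt with its default (end of disk); without it the "w" is consumed as the
# last-sector answer and the new table is never written.
# NOTE(review): this assumes the root filesystem is /dev/vda1 and begins at
# sector 2048; confirm for the target disk layout, since recreating the
# partition at a different start would make the filesystem unreadable.
cat <<'EOF' > 05-extend-rootpart.sh
#!/bin/sh
/bin/echo
/bin/echo RESIZING THE PARTITION
/bin/echo "d
n
p
1
2048

w
" | /sbin/fdisk -c -u /dev/vda
/sbin/e2fsck -f /dev/vda1
/sbin/resize2fs /dev/vda1
EOF
chmod +x 05-extend-rootpart.sh

# Take the kernel version from the vmlinuz file name with a glob instead of
# parsing "ls" output; if several kernels are present the last match in glob
# order is used.
kernel_version=
for kernel_image in /boot/vmlinuz-*; do
  [ -e "$kernel_image" ] || continue
  kernel_version=${kernel_image#/boot/vmlinuz-}
done

# Only add the one-shot boot entry when the resize initramfs was really built,
# so the image never boots once into an entry whose initrd is missing.
if [ -n "$kernel_version" ] &&
  dracut --force --include 05-extend-rootpart.sh /mount \
    --install 'echo fdisk e2fsck resize2fs' \
    "/boot/initramfs-extend_rootpart-${kernel_version}.img" "$kernel_version"; then
  # Clone the last four lines of grub.conf (the existing boot entry) into a
  # "ResizePartition" entry that uses the new initramfs. The text is captured
  # first so grub.conf is not read and appended to in the same pipeline.
  resize_entry=$(tail -4 /boot/grub/grub.conf |
    sed -e 's/initramfs/initramfs-extend_rootpart/g' \
      -e 's/CentOS/ResizePartition/g' \
      -e 's/crashkernel=auto/crashkernel=0@0/g')
  printf '%s\n' "$resize_entry" >> /boot/grub/grub.conf
  # let's run the kernel & initramfs that expands the partition only once
  echo "savedefault --default=1 --once" | grub --batch
else
  echo "WARNING: resize initramfs was not built; boot entry not added" >&2
fi
rm -f 05-extend-rootpart.sh

# swap can lead to high I/O in a "cloud", but linux likes a bit of swap
# let's create a small swap file, 64 MB
fallocate -l 64M /swap.IMG
chmod 600 /swap.IMG
mkswap /swap.IMG
# and add it to fstab
cat <<'EOF' >> /etc/fstab
/swap.IMG swap swap defaults 0 0
EOF

# let's clean it up a bit
yum clean all
# Remove the SSH host keys so instances created from this image do not all
# share one host identity.
rm -rf /etc/ssh/*key*
# Drop NIC bindings recorded at install time (persistent-net rules, HWADDR,
# UUID) and refer to the root device by name instead of filesystem UUID.
rm -f /etc/udev/rules.d/*-persistent-*
sed -i '/HWADDR/d' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i '/UUID/d' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i 's,UUID=[^[:blank:]]*,/dev/vda1,' /etc/fstab
sed -i 's,UUID=[^[:blank:]]*,/dev/vda1,' /boot/grub/grub.conf
# Installer artefacts and logs; anaconda-ks.cfg is a copy of this kickstart,
# root password hash included.
rm -f /root/anaconda-ks.cfg
rm -f /root/install.log
rm -f /root/install.log.syslog
find /var/log -type f -delete
%end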