@andrewklau
Last active February 12, 2017 17:59
# Unattended CentOS 6 x86_64 install for a Xen guest image (single ext4 root on xvda).
# No X configuration, text-mode installer, fresh install rather than upgrade.
skipx
text
install
# The installation tree and every repo below are fetched over plain HTTP.
# NOTE(review): confirm that package signatures are verified during the install;
# if they are not, anything on the network path can alter what is installed.
# Prefer HTTPS or a trusted internal mirror.
url --url=http://mirror.optus.net/centos/6/os/x86_64
# Firewall configuration
# Host firewall on, with SSH as the only service opened.
firewall --enabled --service=ssh
repo --name="repo0" --baseurl=http://mirror.centos.org/centos/6/os/x86_64/
repo --name="repo1" --baseurl=http://mirror.optus.net/centos/6/updates/x86_64/
repo --name="repo2" --baseurl=http://mirror.optus.net/epel/6/x86_64/
repo --name="repo3" --baseurl=http://yum.puppetlabs.com/el/6/products/x86_64/
repo --name="repo4" --baseurl=http://yum.puppetlabs.com/el/6/dependencies/x86_64/
# Install-time root password as a SHA-512 crypt hash; %post below clears and
# locks it again before the image is finished.
# NOTE(review): a hash published together with the kickstart can be attacked
# offline. Treat the matching password as disclosed and never reuse it.
rootpw --iscrypted $6$lApTqNOAYmyCrIfy$dXt9vKgMGihzZZniafkcHyMf/QzM7iSDmcLwEVcO.IewBP0EX9HVCJJrMXsv1u2Er568sma/jdPi4dcOFDvXA0
# Shadow passwords, hashed with SHA-512.
authconfig --enableshadow --passalgo=sha512
# System keyboard
keyboard us
# System language
lang en_US.UTF-8
# SELinux configuration
selinux --enforcing
# System services
services --enabled="network,sshd,rsyslog,tuned,acpid"
# System timezone
timezone Australia/Melbourne
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on
bootloader --location=mbr --driveorder=xvda --append="xen_blkfront.sda_is_xvda=1 console=tty0 crashkernel=auto"
# Destructive: re-initialises the partition table and removes every partition on xvda.
zerombr
clearpart --all --drives=xvda
part / --fstype=ext4 --size=1000 --grow
# Power off when the install completes instead of rebooting
# (presumably so the disk can be captured as an image - confirm).
shutdown
# Package set. --nobase skips the Base group, so only the packages named here
# (plus their dependencies) end up in the image.
%packages --nobase
epel-release
acpid
attr
audit
authconfig
basesystem
bash
coreutils
cpio
cronie
device-mapper
dhclient
dracut
e2fsprogs
efibootmgr
filesystem
glibc
grub
# Puppet is pinned to 3.4.3 here and version-locked in %post.
# NOTE(review): a version-locked package is skipped by "yum update", so
# security fixes for puppet only arrive when the pin is moved deliberately.
puppetlabs-release
puppet-3.4.3
initscripts
iproute
iptables
iptables-ipv6
iputils
kbd
kernel
kpartx
ncurses
net-tools
nfs-utils
openssh-clients
openssh-server
parted
passwd
policycoreutils
procps
rootfiles
rpm
rsync
rsyslog
selinux-policy
selinux-policy-targeted
sendmail
setup
shadow-utils
sudo
syslinux
tar
tuned
util-linux-ng
vim-minimal
yum
yum-metadata-parser
# User Specific
cloud-init
nano
screen
ntp
ntpdate
man
curl
wget
yum-versionlock
dracut-modules-growroot
# A leading '-' excludes the package from the install.
-*-firmware
-NetworkManager
-b43-openfwwf
-biosdevname
-fprintd
-fprintd-pam
-gtk2
-libfprint
-mcelog
-plymouth
-redhat-support-tool
-system-config-*
-wireless-tools
%end
# post stuff, here's where we do all the customisation
%post
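# Grant cloud-user passwordless sudo.
# NOTE(review): NOPASSWD: ALL makes cloud-user root-equivalent, so any
# credential that can log in as cloud-user is effectively a root credential.
printf 'cloud-user\tALL=(ALL)\tNOPASSWD: ALL\n' >> /etc/sudoers
# A malformed sudoers file disables sudo altogether; check it while the
# installer log can still show the problem.
visudo -c || echo "WARNING: /etc/sudoers failed validation" >&2

# Clear and lock the root password. This also discards the install-time hash
# set by the rootpw directive.
passwd -d root
passwd -l root

# set virtual-guest as default profile for tuned
echo "virtual-guest" > /etc/tune-profiles/active-profile

# An empty generator rules file stops udev from remapping nics.
touch /etc/udev/rules.d/75-persistent-net-generator.rules

# lock puppet to 3.4.3, then bring everything else up to date
yum versionlock puppet
yum -y update

# swap can lead to high I/O in a "cloud", but linux likes a bit of swap
# let's create a small swap file, 64 MB (mode 600: swap can hold memory contents)
fallocate -l 64M /swap.IMG
chmod 600 /swap.IMG
mkswap /swap.IMG
# and add it to fstab
cat << 'EOF' >> /etc/fstab
/swap.IMG swap swap defaults 0 0
EOF

# Fix some first boot issues
rpm --rebuilddb

# Fix hostname on boot: let cloud-init set it and drop any baked-in value.
sed -i -e 's/\(preserve_hostname:\).*/\1 False/' /etc/cloud/cloud.cfg
sed -i '/HOSTNAME/d' /etc/sysconfig/network
# -f: the file may not exist, and that is not an error here.
rm -f /etc/hostname

# DHCP provides resolv.conf
echo "" > /etc/resolv.conf

# Use label for fstab, not UUID
e2label /dev/xvda1 "/"
sed -i -e 's?^UUID=.* / .*?LABEL=/ / ext4 defaults,relatime 1 1?' /etc/fstab

# PVGRUB uses hd0 not hd0,0, use label
sed -i -e 's?UUID=[^ ]*?LABEL=/?' -e 's/rhgb quiet//' /boot/grub/menu.lst

# Remove all mac address references
sed -i '/HWADDR/d' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i '/HOSTNAME/d' /etc/sysconfig/network-scripts/ifcfg-eth0

# Turn off cloud-init's disable_root so root is not blocked from SSH login.
# The root password itself stays locked (above, and again on first boot).
# NOTE(review): direct root login is usually unnecessary when cloud-user has
# full sudo; confirm it is really wanted in the image.
sed -i 's/disable_root: 1/disable_root: 0/' /etc/cloud/cloud.cfg

# Touch some key files: the first-boot marker, and a full SELinux relabel on
# the next boot.
touch /root/firstrun
touch /.autorelabel

# First-boot hook: replace the root password with a throwaway random value and
# lock the account again, so no image-wide root password survives.
# The delimiter is quoted so the hook is written out literally and nothing in
# it is expanded at install time.
cat << 'EOF' >> /etc/rc.local
# set a random pass on first boot
if [ -f /root/firstrun ]; then
dd if=/dev/urandom count=50|md5sum|passwd --stdin root
passwd -l root
rm -f /root/firstrun
fi
if [ ! -d /root/.ssh ] ; then
mkdir -p /root/.ssh
chmod 0700 /root/.ssh
restorecon /root/.ssh
fi
EOF

# Clean up: package caches, installer artefacts (anaconda-ks.cfg holds the
# root password hash) and every log file written during the build.
yum clean all
rm -f /root/anaconda-ks.cfg
rm -f /root/install.log
rm -f /root/install.log.syslog
find /var/log -type f -delete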
%end
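# Start with RightImage_CentOS_6.5_x64_v13.5.2_HVM_EBS (ami-45950b7f)
#
# Bootstrap: download the CentOS 6 installer kernel and initrd, point GRUB at
# them with a kickstart URL, and reboot into the unattended install.
#
# Environment (optional):
#   VNC_PASSWORD  password for the installer's VNC session (default: asdasd)

# Stop at the first failure: rebooting with a missing or partial kernel/initrd
# leaves the instance unbootable.
set -eu

mirror=http://mirror.web24.net.au/centos/6/os/x86_64
# NOTE(review): the default is a published, trivially guessable value, and the
# password ends up in clear text in menu.lst and on the installer's kernel
# command line. Override it, and limit access to the VNC port while the
# installer is running.
vnc_password=${VNC_PASSWORD:-asdasd}

mkdir -p /boot/centos
cd /boot/centos

# NOTE(review): both images come over plain HTTP with no integrity check, yet
# they run with full control of the machine. Compare them against a known-good
# SHA-256 (obtained over a trusted channel) before rebooting.
# -O overwrites a stale copy instead of saving the new file as vmlinuz.1.
wget -O vmlinuz "$mirror/isolinux/vmlinuz"
wget -O initrd.img "$mirror/isolinux/initrd.img"
for image in vmlinuz initrd.img; do
  [ -s "$image" ] || { echo "download of $image failed or is empty" >&2; exit 1; }
done

# NOTE(review): the kickstart is also fetched over HTTP (ks=). It decides what
# is installed and runs %post as root, so that server and the path to it must
# be trusted.
cat << EOF > /boot/grub/menu.lst
default 0
timeout 0
hiddenmenu
title CentOS 6 VNC Installation
root (hd0,0)
kernel /boot/centos/vmlinuz vnc vncpassword=${vnc_password} ip=dhcp xen_blkfront.sda_is_xvda=1 ksdevice=eth0 ks=http://172.16.0.50/aminew.ks method=${mirror}/ lang=en_US keymap=us
initrd /boot/centos/initrd.img
EOF

reboot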