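# Kickstart command section: unattended, text-mode, fresh install of CentOS 6
# x86_64 onto a single Xen virtual disk (xvda). The machine powers off when the
# install finishes.
skipx
text
install
# NOTE(review): the install tree and every repo below are fetched over plain
# HTTP, so transport integrity is not protected. Package authenticity then
# rests on RPM GPG signature checking; confirm it is enforced for each of these
# repos (installer and installed yum configuration) before trusting the image.
url --url=http://mirror.optus.net/centos/6/os/x86_64
# Firewall configuration: enabled, inbound SSH is the only service opened
firewall --enabled --service=ssh
repo --name="repo0" --baseurl=http://mirror.centos.org/centos/6/os/x86_64/
repo --name="repo1" --baseurl=http://mirror.optus.net/centos/6/updates/x86_64/
repo --name="repo2" --baseurl=http://mirror.optus.net/epel/6/x86_64/
repo --name="repo3" --baseurl=http://yum.puppetlabs.com/el/6/products/x86_64/
repo --name="repo4" --baseurl=http://yum.puppetlabs.com/el/6/dependencies/x86_64/
# NOTE(review): this SHA-512 crypt hash is published together with the file, so
# it is open to offline guessing. %post clears and locks root's password, but
# the underlying password should be treated as exposed and never reused;
# generate a fresh hash per build or keep the kickstart private.
rootpw --iscrypted $6$lApTqNOAYmyCrIfy$dXt9vKgMGihzZZniafkcHyMf/QzM7iSDmcLwEVcO.IewBP0EX9HVCJJrMXsv1u2Er568sma/jdPi4dcOFDvXA0
# Shadow passwords, hashed with SHA-512
authconfig --enableshadow --passalgo=sha512
# System keyboard
keyboard us
# System language
lang en_US.UTF-8
# SELinux configuration
selinux --enforcing
# System services
services --enabled="network,sshd,rsyslog,tuned,acpid"
# System timezone
timezone Australia/Melbourne
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on
bootloader --location=mbr --driveorder=xvda --append="xen_blkfront.sda_is_xvda=1 console=tty0 crashkernel=auto"
# Destructive: initialises the partition table and removes every partition on
# xvda, then creates one ext4 root filesystem that grows to fill the disk.
zerombr
clearpart --all --drives=xvda
part / --fstype=ext4 --size=1000 --grow
# Power off (rather than reboot) once the install is done
shutdown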
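# Package selection. --nobase skips the Base group, so the image holds only the
# packages listed here plus their dependencies; names prefixed with "-" are
# explicitly excluded.
%packages --nobase
epel-release
acpid
attr
audit
authconfig
basesystem
bash
coreutils
cpio
cronie
device-mapper
dhclient
dracut
e2fsprogs
efibootmgr
filesystem
glibc
grub
# NOTE(review): puppet is pinned to 3.4.3 here and version-locked in %post, so
# the later "yum -y update" (and updates on running instances) will not move it.
# Security fixes for puppet then have to be applied by changing the pin by hand.
puppetlabs-release
puppet-3.4.3
initscripts
iproute
iptables
iptables-ipv6
iputils
kbd
kernel
kpartx
ncurses
net-tools
nfs-utils
openssh-clients
openssh-server
parted
passwd
policycoreutils
procps
rootfiles
rpm
rsync
rsyslog
selinux-policy
selinux-policy-targeted
sendmail
setup
shadow-utils
sudo
syslinux
tar
tuned
util-linux-ng
vim-minimal
yum
yum-metadata-parser
# User Specific
cloud-init
nano
screen
ntp
ntpdate
man
curl
wget
yum-versionlock
dracut-modules-growroot
# Exclusions: firmware, desktop and hardware-specific packages a virtual guest
# does not need
-*-firmware
-NetworkManager
-b43-openfwwf
-biosdevname
-fprintd
-fprintd-pam
-gtk2
-libfprint
-mcelog
-plymouth
-redhat-support-tool
-system-config-*
-wireless-tools
%end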
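# post stuff, here's where we do all the customisation
# Runs as root inside the freshly installed system. No --erroronfail is given,
# so a failing command does not stop the build; review the result before
# publishing the image.
%post
# allow sudo powers to cloud-user
# NOTE(review): NOPASSWD: ALL makes any compromise of cloud-user equivalent to
# root. Appending straight to /etc/sudoers also skips visudo's syntax check; a
# 0440 drop-in under /etc/sudoers.d checked with "visudo -c" is the safer form,
# provided this image's sudoers includes that directory.
echo -e 'cloud-user\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
# lock root password: -d removes the hash set by rootpw, -l locks the account
passwd -d root
passwd -l root
# set virtual-guest as default profile for tuned
echo "virtual-guest" > /etc/tune-profiles/active-profile
# prevent udev rules from remapping nics
touch /etc/udev/rules.d/75-persistent-net-generator.rules
# lock puppet to 3.4.3 (the update below will therefore not touch puppet)
yum versionlock puppet
yum -y update
# swap can lead to high I/O in a "cloud", but linux likes a bit of swap
# let's create a small swap file, 64 MB
fallocate -l 64M /swap.IMG
# owner-only access: swap can hold memory contents of any process
chmod 600 /swap.IMG
mkswap /swap.IMG
# and add it to fstab
cat << EOF >> /etc/fstab
/swap.IMG swap swap defaults 0 0
EOF
# Fix some first boot issues
rpm --rebuilddb
# Fix hostname on boot
sed -i -e 's/\(preserve_hostname:\).*/\1 False/' /etc/cloud/cloud.cfg
sed -i '/HOSTNAME/d' /etc/sysconfig/network
# -f: the file may not exist, and a missing file is not an error here
rm -f /etc/hostname
# DHCP provides resolv.conf
echo "" > /etc/resolv.conf
# Use label for fstab, not UUID
e2label /dev/xvda1 "/"
sed -i -e 's?^UUID=.* / .*?LABEL=/ / ext4 defaults,relatime 1 1?' /etc/fstab
# PVGRUB uses hd0 not hd0,0, use label
sed -i -e 's?UUID=[^ ]*?LABEL=/?' -e 's/rhgb quiet//' /boot/grub/menu.lst
# Remove all mac address references
sed -i '/HWADDR/d' /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i '/HOSTNAME/d' /etc/sysconfig/network-scripts/ifcfg-eth0
# Allow root SSH login through cloud-init: disable_root: 0 stops cloud-init from
# blocking root, so the instance's SSH key also works for root. Root's password
# stays locked, so this is meant to be key-only access.
# NOTE(review): confirm sshd_config on the image does not offer root any other
# authentication method, or leave disable_root at 1 and use cloud-user + sudo.
sed -i 's/disable_root: 1/disable_root: 0/' /etc/cloud/cloud.cfg
# Touch some key files
# /root/firstrun triggers the one-time block appended to rc.local below;
# /.autorelabel makes SELinux relabel the filesystem on the next boot.
touch /root/firstrun
touch /.autorelabel
# Quoted delimiter: the text is written to rc.local literally, so nothing in it
# can be expanded at build time if the block is edited later.
cat << 'EOF' >> /etc/rc.local
# set a random pass on first boot
if [ -f /root/firstrun ]; then
  dd if=/dev/urandom count=50|md5sum|passwd --stdin root
  passwd -l root
  rm -f /root/firstrun
fi
if [ ! -d /root/.ssh ] ; then
  mkdir -p /root/.ssh
  chmod 0700 /root/.ssh
  restorecon /root/.ssh
fi
EOF
# Clean up: package caches, installer artefacts (anaconda-ks.cfg holds the root
# password hash) and every log written during the build
yum clean all
rm -f /root/anaconda-ks.cfg
rm -f /root/install.log
rm -f /root/install.log.syslog
find /var/log -type f -delete
%end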
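#!/usr/bin/env bash
# Start with RightImage_CentOS_6.5_x64_v13.5.2_HVM_EBS (ami-45950b7f)
#
# Downloads the CentOS 6 installer kernel and initrd into /boot/centos, rewrites
# GRUB's menu.lst to boot them with a kickstart URL, and reboots into the
# unattended install. Run as root on a disposable instance only: the kickstart
# repartitions the disk.
#
# Optional environment overrides (defaults are the values of the original
# script):
#   MIRROR          install tree URL, without trailing slash
#   KS_URL          kickstart URL
#   VNC_PASSWORD    password for the installer's VNC console
#   VMLINUZ_SHA256  expected SHA-256 of vmlinuz    (check skipped when unset)
#   INITRD_SHA256   expected SHA-256 of initrd.img (check skipped when unset)
set -euo pipefail

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Compare a downloaded file with an operator-supplied digest. The kernel and
# initrd arrive over plain HTTP and are booted as-is, so without a digest from
# a trusted source nothing detects tampering in transit.
verify_sha256() {
  local expected=$1 file=$2
  if [[ -z "$expected" ]]; then
    printf 'warning: no SHA-256 supplied for %s; integrity not verified\n' "$file" >&2
    return 0
  fi
  printf '%s  %s\n' "$expected" "$file" | sha256sum -c - >/dev/null
}

mirror=${MIRROR:-http://mirror.web24.net.au/centos/6/os/x86_64}
# The kickstart decides everything about the installed system and its %post
# runs as root, so whoever can alter this HTTP response controls the image.
# Serve it from a host and network path you trust.
ks_url=${KS_URL:-http://172.16.0.50/aminew.ks}
# The default password is short, guessable and public. It is also written to
# menu.lst and the kernel command line, and VNC traffic is not encrypted:
# override it and allow only the operator's address to reach the installer's
# VNC port while the install runs.
vnc_password=${VNC_PASSWORD:-asdasd}

# Each value is pasted into the kernel command line; whitespace would split it
# into extra boot arguments.
for value in "$mirror" "$ks_url" "$vnc_password"; do
  [[ -n "$value" && "$value" != *[[:space:]]* ]] ||
    die "MIRROR, KS_URL and VNC_PASSWORD must be non-empty and contain no whitespace"
done

mkdir -p /boot/centos
cd /boot/centos || die "cannot cd to /boot/centos"

# -O keeps the file name fixed; a plain wget would save a re-download as
# vmlinuz.1 and leave the stale kernel in place.
wget -O vmlinuz "${mirror}/isolinux/vmlinuz"
wget -O initrd.img "${mirror}/isolinux/initrd.img"
verify_sha256 "${VMLINUZ_SHA256:-}" vmlinuz || die "vmlinuz does not match VMLINUZ_SHA256"
verify_sha256 "${INITRD_SHA256:-}" initrd.img || die "initrd.img does not match INITRD_SHA256"

# Keep the working boot configuration so the volume can be repaired from
# another instance if the installer fails to come up.
if [[ -f /boot/grub/menu.lst ]]; then
  cp -p /boot/grub/menu.lst /boot/grub/menu.lst.pre-install
fi

cat > /boot/grub/menu.lst << EOF
default 0
timeout 0
hiddenmenu
title CentOS 6 VNC Installation
root (hd0,0)
kernel /boot/centos/vmlinuz vnc vncpassword=${vnc_password} ip=dhcp xen_blkfront.sda_is_xvda=1 ksdevice=eth0 ks=${ks_url} method=${mirror}/ lang=en_US keymap=us
initrd /boot/centos/initrd.img
EOF

reboot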