centos8 @ OVH/SoYouStart/Kimsufi

centos8 @ OVH/SoYouStart/Kimsufi

How to install CentOS 8 on OVH/SoYouStart/Kimsufi

  • connect to the OVH/SoYouStart/Kimsufi API and create an iPXE script under https://eu.api.kimsufi.com/console/#/me/ipxeScript#POST or the equivalent for your provider; see centos8.ipxe below
  • boot your server from this netboot, and ping it to follow the process. If you can observe the webserver's logs you will see your server's IP pulling kernel and initrd with the "iPXE" user agent, then it will start pinging, and it will retrieve the kickstart.cfg a bit later (with the "curl" user agent). This is the moment when you can set your server back to "Boot from Hard Disk".
  • Also at this point you can connect to your server with SSH using the key/password set in the kickstart file. type tmux a to attach the install's tmux session and follow the progress. For debugging, check the logs in /tmp and those sent over syslog.

upstream documentation

hints for editing ipxe script

  • for debugging, add inst.syslog=<IP>:<PORT> in order to forward all logs to another server where you run: while true; do nc -l -k -p <PORT>; done, the output will be displayed on stdout.
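  • inst.ks param: host your kickstart file somewhere, anywhere. For debugging, ideally choose a location where you can watch the logs in order to see if it's being picked up. Keep in mind that the installer fetches this file without authentication and that it contains the install-time root password hash, so anyone who learns the URL can read it; take the file offline once the install is done.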
  • add inst.nokill param to prevent the server from rebooting after a failed install - you can then connect via ssh to debug

kickstart hints

  • replace all the "xxx" by your own values
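  • use python3 -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())' to create your own crypted password string. Note that the crypt module was removed in Python 3.13, so this one-liner needs an older interpreter.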
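#!ipxe
# Netboot the CentOS 8 installer (Anaconda) and point it at a kickstart file.
#
# Kernel, initrd, install repo and kickstart are all fetched over plain HTTP
# here, so nothing on that path is authenticated or integrity-checked.
# NOTE(review): switch to https:// URLs if your iPXE build and the servers
# support it -- confirm before relying on it.

# No trailing slash: the kernel/initrd lines below add the "/" themselves,
# which avoids requesting ".../isolinux//vmlinuz".
set base http://centos.mirrors.ovh.net/8/BaseOS/x86_64/kickstart/isolinux
set kernel vmlinuz
set initrd initrd.img

# Kernel command line for the installer:
#   ifname=enp1s0:<MAC>  placeholder MAC; use the same address as the
#                        "network --device=" line of the kickstart file.
#   inst.sshd            starts an SSH server inside the installer; it accepts
#                        the credentials set with "sshpw" in the kickstart, so
#                        the host is reachable with them while the install runs.
#   inst.ks=...          replace <YOURDOMAIN> with the full URL prefix (scheme
#                        and host) of the server holding kickstart.cfg. The
#                        file carries a password hash; do not leave it
#                        published longer than the install needs.
kernel ${base}/${kernel} initrd=${initrd} noshell inst.geoloc=0 inst.gpt ifname=enp1s0:00:aa:bb:cc:dd:ee ip=dhcp inst.repo=http://centos.mirrors.ovh.net/8/BaseOS/x86_64/os/ inst.text nameserver=213.186.33.99 inst.sshd inst.ks=<YOURDOMAIN>/kickstart.cfg inst.loglevel=info
initrd ${base}/${initrd}
boot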
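# Kickstart command section: installer access, locale, network, package
# sources, services, accounts and disk layout. Replace every "xxx" and
# <PLACEHOLDER> with your own values before publishing the file.

# Install-time SSH access (only used by the installer's sshd, see inst.sshd).
# The value is a crypted hash, but the kickstart file is fetched without
# authentication, so treat the hash as exposed and use a throwaway password.
sshpw --username=root --iscrypted xxx
# Use text mode install
text --non-interactive
#vnc --port=54182 --password=secret # optional VNC config.
# Localisation
keyboard --vckeymap=de --xlayouts='de'
lang en_US.UTF-8
# Installation logging: forwards installer logs to a remote syslog listener.
# The README's listener is a plain "nc" socket, so these logs cross the
# network unencrypted.
logging --level=warning --host=<OTHER_SERVER'S_IP> --port=12345
# Network information (--device takes the NIC's MAC address; placeholder here)
network --bootproto=static --device=00:aa:bb:cc:dd:ee --gateway=x.x.x.254 --hostname=<YOUR_FQDN> --ip=<IP> --nameserver=213.186.33.99 --netmask=255.255.255.0 --ipv6=<IPv6> --activate --ipv6gateway=2001:41d0:xxx:xxff:ff:ff:ff:ff
# NOTE(review): both package sources below are plain HTTP. Confirm that your
# installer version verifies package signatures, or use an HTTPS mirror.
repo --name="AppStream" --baseurl=http://centos.mirrors.ovh.net/8/AppStream/x86_64/os/
# Use network installation from OVH CentOS mirror
url --url="http://centos.mirrors.ovh.net/8/BaseOS/x86_64/os/"
# SELinux configuration
selinux --enforcing
# Do not configure the X Window System
skipx
# System services
firstboot --disable
services --enabled="sshd,chronyd,firewalld"
# Opens 22/tcp plus 12345/tcp, the extra sshd port that %post tries to add.
firewall --enabled --ssh --port=22:tcp,12345:tcp
# SSH keys on new system
sshkey --username=root "xxx"
# sshkey --username=root "xxx2" # set multiple keys in multiple lines
sshkey --username=<YOUR_USERNAME> "xxx"
# System timezone
timezone Europe/Berlin --isUtc --ntpservers=ntp.ovh.net
# NOTE(review): no --password is given, so this account presumably has no
# usable password. Key-based SSH login works, but sudo through the wheel
# group would prompt for a password -- confirm this is what you want.
user --groups=wheel,admin --name=<YOUR_USERNAME>
# Partition clearing information: wipes ALL partitions on both listed disks.
# Double-check the disk IDs before booting the installer.
clearpart --drives=disk/by-id/ata-INTEL_SSDxxx,disk/by-id/ata-INTEL_SSDyyy --all --initlabel --disklabel=gpt
# Disk partitioning information: two disks, mirrored (RAID 1) /boot, / and
# /home, plus one BIOS boot partition and one swap partition per disk.
# sda disk/by-id/ata-INTEL_SSDxxx
# sdb disk/by-id/ata-INTEL_SSDyyy
part biosboot --label=biosboot_a --fstype=biosboot --size=1 --ondisk=disk/by-id/ata-INTEL_SSDxxx
part biosboot --label=biosboot_b --fstype=biosboot --size=1 --ondisk=disk/by-id/ata-INTEL_SSDyyy
part raid.boot_a --label=boot_a --fstype=mdmember --size=1024 --ondisk=disk/by-id/ata-INTEL_SSDxxx
part raid.boot_b --label=boot_b --fstype=mdmember --size=1024 --ondisk=disk/by-id/ata-INTEL_SSDyyy
part raid.root_a --label=root_a --fstype=mdmember --size=20480 --ondisk=disk/by-id/ata-INTEL_SSDxxx
part raid.root_b --label=root_b --fstype=mdmember --size=20480 --ondisk=disk/by-id/ata-INTEL_SSDyyy
part raid.home_a --label=home_a --fstype=mdmember --grow --ondisk=disk/by-id/ata-INTEL_SSDxxx
part raid.home_b --label=home_b --fstype=mdmember --grow --ondisk=disk/by-id/ata-INTEL_SSDyyy
part swap --label=swap_a --size=4096 --ondisk=disk/by-id/ata-INTEL_SSDxxx
# Second swap partition gets its own label (was a duplicate "swap_a"), in
# line with the _a/_b naming used for every other partition pair.
part swap --label=swap_b --size=4096 --ondisk=disk/by-id/ata-INTEL_SSDyyy
raid /boot --level=1 --device=boot --fstype=ext4 --label=BOOT raid.boot_a raid.boot_b
raid / --level=1 --device=root --fstype=ext4 --label=ROOT raid.root_a raid.root_b
raid /home --level=1 --device=home --fstype=ext4 --label=HOME raid.home_a raid.home_b
# System bootloader configuration
bootloader --append="nosplash crashkernel=auto" --location=mbr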
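# Post-install script: executed chroot'ed inside the newly installed system.
%post
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
#echo -e "configure-and-quit=true\ndhcp=internal" > /etc/NetworkManager/conf.d/custom.conf
# Keep the original PermitRootLogin line as a comment and allow root logins
# with keys only. "prohibit-password" is the current spelling of the
# deprecated alias "without-password".
sed -i "s/^PermitRootLogin.*/#&\nPermitRootLogin prohibit-password/g" /etc/ssh/sshd_config
# Adds "Port 12345" after an existing, uncommented "Port" line.
# NOTE(review): the stock sshd_config usually ships that line commented out
# ("#Port 22"), in which case this pattern matches nothing and sshd stays on
# port 22 only -- check the resulting file. With SELinux enforcing, sshd also
# needs the extra port labelled as ssh_port_t (semanage port) before it can
# bind to it.
sed -i "s/^Port.*/&\nPort 12345/g" /etc/ssh/sshd_config
# NOTE(review): 22222 does not match the 12345 used by the "firewall" command
# and by the sshd Port edit above -- confirm which port is intended so that no
# unused port is left open.
firewall-offline-cmd --service=ssh --add-port=22222/tcp
firewall-offline-cmd --remove-service cockpit
# Hold the installer for up to an hour before it finishes: time to check the
# install and disable netboot. Connect via ssh and run "killall sleep" to
# avoid waiting. The installer's sshd (sshpw credentials) stays reachable for
# as long as this sleep runs.
sleep 3600
%end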
# Near-minimal package selection (but not too spartan either): starts from the
# @standard group, adds podman and tmux, and excludes packages that are of no
# use on a dedicated server. A leading "-" excludes a package.
%packages
@standard
podman
tmux
-NetworkManager-team
-blktrace
-c-ares
# cockpit web console is excluded; %post also removes its firewall service.
-cockpit
# No cryptsetup: the partition layout in this file uses no encrypted volumes.
-cryptsetup
-dnf-plugin-spacewalk
-dnf-plugin-subscription-manager
-dos2unix
-fprintd-pam
-geolite2-city
-geolite2-country
-insights-client
# Intel wireless firmware, not needed on a wired server.
-iwl100-firmware
-iwl1000-firmware
-iwl105-firmware
-iwl135-firmware
-iwl2000-firmware
-iwl2030-firmware
-iwl3160-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-iwl7260-firmware
-kmod-kvdo
-ledmon
-libbasicobjects
-libcollection
-libdhash
-libini_config
-libldb
-libnfsidmap
-libpath_utils
-libref_array
-libsss_autofs
-libsss_certmap
-libsss_idmap
-libsss_nss_idmap
-libsss_sudo
-libstoragemgmt
-libtalloc
-libtdb
-libtevent
-lvm2
-mailcap
-mlocate
-pinfo
-plymouth
-python3-dnf-plugin-spacewalk
-python3-rhn-client-tools
-realmd
-rhn-client-tools
-rhn-setup
-rhnlib
-rhnsd
-rng-tools
-sos
# sssd and its helper libraries: no central identity service is configured
# anywhere in this kickstart, accounts are local.
-sssd
-sssd-client
-sssd-common
-sssd-kcm
-sssd-nfs-idmap
-subscription-manager-cockpit
-subscription-manager-plugin-container
-teamd
-trousers
-trousers-lib
-vdo
-words
-xfsdump
%end
# configures the kdump kernel crash dumping mechanism
#%addon com_redhat_kdump --enable --reserve-mb='auto'