|
# only for RHEL: |
|
#eula --agreed |
|
# NOTE(review): an RHSM activation key together with the org ID is enough to
# register systems against that organisation's subscriptions, so a kickstart
# that carries one should only be downloadable by the hosts that need it.
#rhsm --activation-key=rhel9-ks --org=felixkrohn-priv |
|
|
|
# System bootloader configuration |
|
# NOTE(review): bootloader is declared a second time in the partitioning
# section (there with --boot-drive=sda); presumably only one occurrence takes
# effect, so keep a single line and check the file with ksvalidator.
# No --password/--iscrypted is given, so the GRUB menu and kernel command line
# can be edited by anyone with console access (a remote KVM counts) - add a
# bootloader password if that is part of your threat model.
bootloader --append="nosplash crashkernel=auto" --location=mbr |
|
|
|
# install-time ssh access |
|
# sshpw accounts exist only inside the installer environment and are not
# carried over to the installed system; the installer's sshd is only started
# when the boot command line requests it (inst.sshd).
# NOTE(review): the %post section of this file sleeps for up to two hours, and
# the installer stays reachable with these credentials for that whole time.
sshpw --username=USERNAME --sshkey [...] |
|
# NOTE(review): a password hash inside a network-served kickstart can be
# attacked offline by anyone able to fetch the file. The key-based account
# above avoids that; consider dropping the root password here or restricting
# who can download this file.
sshpw --username=root --iscrypted $6$asdasdasd$[...] |
|
|
|
# Use text mode install, no queries. will abort on error. |
|
# NOTE(review): with no prompts, any machine that boots this kickstart is
# repartitioned without confirmation (see clearpart/zerombr in the
# partitioning section) - keep netboot enabled only for the host being
# installed.
text --non-interactive |
|
|
|
# Do not configure the X Window System |
|
skipx |
|
|
|
# localisation |
|
keyboard --vckeymap=ch --xlayouts='ch' |
|
lang en_US.UTF-8 |
|
|
|
# Installation logging level |
|
# NOTE(review): remote installer logging is forwarded as syslog, presumably
# unencrypted on the wire - point it only at a collector on a trusted network,
# since install logs describe the host's disks, network and package set.
#logging --level=warning --host=<OTHER_SERVER'S_IP> --port=54321 |
|
#logging --host=10.45.0.1 --port=514 |
|
|
|
# Network information, detailed and static |
|
#network --bootproto=static --device=a1:b2:c3:d4:e5:f6 --gateway=11.22.33.254 --hostname=serverX.yourdomain --ip=11.22.33.44 --nameserver=213.186.33.99 --netmask=255.255.255.0 --ipv6=2001:41d0:aaaa:bbbb::1 --activate --ipv6gateway=2001:41d0:aaaa:bbff:00ff:00ff:00ff:00ff |
|
# Network information, will use DHCP if not overridden by kernel cmdline arguments |
|
network --hostname=serverX.yourdomain |
|
# not necessary as already set in above IPXE script. |
|
# NOTE(review): both example sources use plain http://. Wherever the install
# source ends up being set (the iPXE script is not visible in this file),
# prefer an https:// mirror so the installer image and repository metadata are
# not fetched over an unauthenticated channel.
#repo --name="AppStream" --baseurl=http://mirror.stream.centos.org/9-stream/AppStream/x86_64/os/ |
|
#url --url="http://mirror.stream.centos.org/9-stream/BaseOS/x86_64/os/" |
|
|
|
# SELinux configuration |
|
# Enforcing mode is kept on for the installed system.
selinux --enforcing |
|
|
|
|
|
# System services |
|
firstboot --disable |
|
services --enabled="sshd,chronyd,firewalld" |
|
# NOTE(review): --ssh already opens 22/tcp, so --port=22:tcp is redundant.
# 22222/tcp is opened here, but the lines in %post that would move sshd to
# that port (sed on Port, semanage port) are commented out in this file, so
# the rule exposes a port nothing is meant to listen on. Either drop
# 22222:tcp or enable the port change as a whole; once sshd has moved, also
# remove --ssh and 22:tcp.
firewall --enabled --ssh --port=22:tcp,22222:tcp |
|
|
|
# SSH keys on new system |
|
# Unlike sshpw, these keys are installed for accounts on the installed system.
sshkey --username=root "ecdsa-sha2-nistp521 [...]" |
|
# NOTE(review): the placeholder is written <YOUR_USERNAME> here and
# YOUR_USERNAME on the user line below - both must become the same account name.
sshkey --username=<YOUR_USERNAME> "xxx" |
|
## sshkey --username=root "xxx2" # set multiple keys in multiple lines |
|
# NOTE(review): "$6a$" is not a valid crypt prefix (SHA-512 hashes start with
# "$6$"), so treat the value as a placeholder. If root is meant to be reachable
# by key only, "rootpw --lock" avoids shipping a crackable hash in this file;
# otherwise generate a salted SHA-512 hash and keep the kickstart access-restricted.
rootpw $6a$asdasdasdasd --iscrypted |
|
|
|
# System timezone |
|
timezone Europe/Berlin --utc |
|
#--ntpservers=ntp.ovh.net |
|
timesource --ntp-server ntp.ovh.net |
|
# NOTE(review): no --password is given, so the account is presumably created
# with a locked password and is reachable through its ssh key only; sudo via
# wheel will then need either a password set later or a NOPASSWD rule - verify.
# "admin" is not a stock group on this distribution family; confirm it exists
# (or is created) before relying on it.
user --groups=wheel,admin --name=YOUR_USERNAME |
|
|
|
# Partition clearing information |
|
# Restrict the installer to the two disks that form the mirror.
ignoredisk --only-use=sda,sdb |
|
# NOTE(review): this wipes every partition on sda and sdb without asking.
# It also contradicts the second clearpart below (--none, gpt vs. --all,
# msdos); presumably only one of the two takes effect - keep one and confirm
# with ksvalidator which disk label you actually get.
clearpart --drives=sda,sdb --all --initlabel --disklabel=msdos |
|
|
|
# System bootloader configuration |
|
# NOTE(review): second bootloader line in this file (the first has no
# --boot-drive). --location=mbr together with a /boot/efi partition below
# looks like a mix of BIOS and UEFI settings - confirm which firmware mode the
# target boots in.
bootloader --append="nosplash crashkernel=auto" --location=mbr --boot-drive=sda |
|
# Clear the Master Boot Record |
|
zerombr |
|
# Partition clearing information |
|
clearpart --none --initlabel --disklabel=gpt |
|
# Disk partitioning information |
|
# NOTE(review): /boot/efi and swap carry no --ondisk, so the installer picks
# the disk and neither is mirrored; as the commented-out efi2 line says, a
# second ESP has to be copied by hand for the host to boot after sda fails.
# Nothing here uses --encrypted, so data at rest is readable by anyone who
# obtains a disk (e.g. a drive swapped out by the hoster) - decide whether
# that is acceptable for this server.
part /boot/efi --fstype="efi" --size=600 --fsoptions="umask=0077,shortname=winnt" |
|
part raid.boot_a --fstype="mdmember" --ondisk=sda --size=1024 |
|
part raid.boot_b --fstype="mdmember" --ondisk=sdb --size=1024 |
|
part raid.root_a --fstype="mdmember" --ondisk=sda --size=20480 |
|
part raid.root_b --fstype="mdmember" --ondisk=sdb --size=20480 |
|
part raid.lvm_a --fstype="mdmember" --ondisk=sda --grow |
|
part raid.lvm_b --fstype="mdmember" --ondisk=sdb --grow |
|
#part /boot/efi2 --fstype="efi" --size=600 --fsoptions="umask=0077,shortname=winnt2" # this will crash anaconda... copy manually after install in order to be able to boot when sda breaks. |
|
# Three RAID1 arrays across sda/sdb: /boot, / and the LVM physical volume.
raid /boot --device=boot --fstype="xfs" --level=RAID1 --label=BOOT raid.boot_a raid.boot_b |
|
raid / --device=root --fstype="xfs" --level=RAID1 --label=ROOT raid.root_a raid.root_b |
|
raid pv.1 --device=pv00 --fstype="lvmpv" --level=RAID1 raid.lvm_a raid.lvm_b |
|
part swap --fstype="swap" --size=1024 |
|
volgroup vg --pesize=4096 pv.1 |
|
# Only /home is carved out of the volume group here; the rest stays unallocated.
logvol /home --fstype="xfs" --size=51200 --name=home --vgname=vg |
|
|
|
# pre-install commands - leave a trace in webserver log to see when install starts |
|
%pre |
|
# HEAD request used purely as a marker in the web server's access log.
# -k turns off TLS certificate verification. That is tolerable only because
# the request carries no secret and the response is ignored; do not reuse the
# flag for anything that downloads scripts, keys or configuration.
curl -kvI https://YOURDOMAIN/status:centos9-preinstall |
|
%end |
|
|
|
# post-install stuff - will be executed chroot'ed in new system |
|
%post |
|
# Request a full SELinux relabel on the first boot of the installed system.
touch /.autorelabel |
|
# Access-log marker, same as in %pre. -k disables TLS certificate
# verification; acceptable only because nothing sensitive is sent or consumed.
curl -kvI https://YOURDOMAIN/status:centos9-postinstall |
|
#rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial |
|
##echo -e "configure-and-quit=true\ndhcp=internal" > /etc/NetworkManager/conf.d/custom.conf |
|
# NOTE(review): moving sshd to 22222 needs the semanage, "sed ... Port" and
# firewall-offline-cmd --add-port lines enabled together; with SELinux
# enforcing, sshd cannot bind the new port until it is labelled ssh_port_t.
# "without-password" is the deprecated spelling of "prohibit-password".
# The sed patterns only match an uncommented PermitRootLogin/Port line;
# presumably the stock sshd_config on this release has none, in which case a
# drop-in file under /etc/ssh/sshd_config.d/ is the more robust route - verify.
#semanage port -a -t ssh_port_t -p tcp 22222 |
|
#sed -i "s/^PermitRootLogin.*/#&\nPermitRootLogin without-password/g" /etc/ssh/sshd_config |
|
#sed -i "s/^Port.*/#&\nPort 22222/g" /etc/ssh/sshd_config |
|
#firewall-offline-cmd --service=ssh --add-port=22222/tcp |
|
#firewall-offline-cmd --remove-service cockpit |
|
# NOTE(review): this holds the installer environment open for up to two
# hours, reachable with the install-time sshpw credentials. Shorten the window
# or remove the line once the template is proven, and make sure netboot is
# disabled before the reboot so the host is not reinstalled (and wiped) again.
sleep 7200 # give me some time to check the install and disable netboot... connect via ssh and run "killall sleep" to avoid waiting. |
|
%end |
|
|
|
# package selection: remove everything not really necessary on a dedicated server. YMMV... |
|
# Fewer installed packages means less to patch and less reachable code. Some
# of the exclusions below trade that against operability:
#   - sos: no sosreport bundle for support cases or incident response
#   - subscription-manager*, rhc, insights-client: on RHEL proper this
#     presumably leaves the host unable to register for updates - fine for
#     CentOS Stream, verify before reusing the list on RHEL
#   - sssd*, realmd: no central identity / domain join, local accounts only
# NOTE(review): package names are normally listed bare; confirm that the
# leading "+" on vim-enhanced is accepted by the installer.
%packages |
|
@^minimal-environment |
|
@standard |
|
+vim-enhanced |
|
-NetworkManager-team |
|
-blktrace |
|
-bluez |
|
-bpftool |
|
-c-ares |
|
-cockpit |
|
-dnf-plugin-spacewalk |
|
-dnf-plugin-subscription-manager |
|
-fprintd-pam |
|
-geolite2-city |
|
-geolite2-country |
|
-insights-client |
|
-iwl100-firmware |
|
-iwl1000-firmware |
|
-iwl105-firmware |
|
-iwl135-firmware |
|
-iwl2000-firmware |
|
-iwl2030-firmware |
|
-iwl3160-firmware |
|
-iwl3945-firmware |
|
-iwl4965-firmware |
|
-iwl5000-firmware |
|
-iwl5150-firmware |
|
-iwl6000-firmware |
|
-iwl6000g2a-firmware |
|
-iwl6050-firmware |
|
-iwl7260-firmware |
|
-kmod-kvdo |
|
-ledmon |
|
-libbasicobjects |
|
-libcollection |
|
-libdhash |
|
-libini_config |
|
-libldb |
|
-libnfsidmap |
|
-libpath_utils |
|
-libref_array |
|
-libsss_autofs |
|
-libsss_certmap |
|
-libsss_idmap |
|
-libsss_nss_idmap |
|
-libsss_sudo |
|
-libstoragemgmt |
|
-libtalloc |
|
-libtdb |
|
-libtevent |
|
-mailcap |
|
-man-pages |
|
-mlocate |
|
-nano |
|
-nmap-ncat |
|
-nvme-cli |
|
-pinfo |
|
-plymouth |
|
-python3-dnf-plugin-spacewalk |
|
-python3-rhn-client-tools |
|
-realmd |
|
-rhc |
|
-rhn-client-tools |
|
-rhn-setup |
|
-rhnlib |
|
-rhnsd |
|
-rng-tools |
|
-sos |
|
-sssd |
|
-sssd-client |
|
-sssd-common |
|
-sssd-kcm |
|
-sssd-nfs-idmap |
|
-subscription-manager |
|
-subscription-manager-cockpit |
|
-subscription-manager-plugin-container |
|
-teamd |
|
-time |
|
-trousers |
|
-trousers-lib |
|
-usbutils |
|
-vdo |
|
-words |
|
-xfsdump |
|
-zip |
|
%end |