kickstart
%pre | |
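#!/bin/sh
# %pre script: detect IDE hard disks through /proc/ide and write a kickstart
# partition scheme to /tmp/part-include (pulled into the main ks.cfg with
# `%include /tmp/part-include`).
#
# Only IDE devices (/proc/ide/hd*) are inspected; SATA/SCSI disks (sd*) are not
# visible there and fall through to the single-drive layout, which lets
# anaconda choose the disk itself.

part_include=/tmp/part-include

#######################################
# List IDE devices whose media type is "disk".
# Outputs: one device name per line (e.g. hda) to stdout; nothing when none
#          is found or /proc/ide is absent
#######################################
list_ide_disks() {
  for ide_dev in /proc/ide/h*; do
    # Unmatched globs stay literal; -r also skips entries without a media file.
    [ -r "$ide_dev/media" ] || continue
    if [ "$(cat "$ide_dev/media")" = "disk" ]; then
      basename -- "$ide_dev"
    fi
  done
}

#######################################
# Print the kickstart partition commands for the detected drives.
# Arguments: $1 - number of disks detected
#            $2 - first disk name (may be empty)
#            $3 - second disk name (may be empty)
# Outputs:   kickstart clearpart/part lines to stdout
#######################################
emit_part_scheme() {
  numhd=$1
  drive1=$2
  drive2=$3
  if [ "$numhd" = "2" ]; then
    # 2 drives: system on the first detected disk, /home on the second.
    echo "#partitioning scheme generated in %pre for 2 drives"
    echo "clearpart --all"
    echo "part /boot --fstype ext3 --size 75 --ondisk $drive1"
    echo "part / --fstype ext3 --size 1 --grow --ondisk $drive1"
    echo "part swap --recommended --ondisk $drive1"
    echo "part /home --fstype ext3 --size 1 --grow --ondisk $drive2"
  else
    # 1 drive (or nothing detected): no --ondisk, anaconda picks the disk.
    echo "#partitioning scheme generated in %pre for 1 drive"
    echo "clearpart --all"
    echo "part /boot --fstype ext3 --size 75"
    echo "part swap --recommended"
    echo "part / --fstype ext3 --size 2048"
    echo "part /home --fstype ext3 --size 2048 --grow"
  fi
}

hds=$(list_ide_disks)
# Word-split the detected names into positional parameters to count them.
# `set --` is required: a bare `set` with no names would print all shell
# variables instead of clearing the parameter list.
# shellcheck disable=SC2086
set -- $hds
emit_part_scheme "$#" "${1:-}" "${2:-}" > "$part_include"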
##***********************##
## ks.cfg ##
## minimal ##
##***********************##
## Minimal CentOS 7 kickstart: text-mode install from CD-ROM, static network,
## LVM layout on sda, OpenSCAP PCI-DSS profile, one admin user with sudo.
## Commented-out directives are alternatives kept for reference.
#version=DEVEL
## System authorization information
auth --enableshadow --passalgo=sha512
##*****************##
## Install OS instead of upgrade
# upgrade
install
## License agreement
eula --agreed
## Use CDROM installation media ##
cdrom
## Use network installation ##
# url --url="https://mirror.yandex.ru/centos/7/os/x86_64"
# url --url="http://mirror.mirohost.net/centos/7/os/x86_64"
# url --url="http://mirrors.bytes.ua/centos/7/os/x86_64"
## Use graphical install
# graphical
## Use command-line (non-interactive) install
# cmdline
## Use text mode install
text
## Run the Setup Agent on first boot
firstboot --enable
## The installer only touches sda; any other attached disk is ignored.
ignoredisk --only-use=sda
##*****************##
## Keyboard layouts
keyboard --vckeymap=us --xlayouts='us','ru' --switch='grp:ctrl_shift_toggle'
##*****************##
## System language
lang ru_UA.UTF-8
##***************************##
## --Network information-- ##
##***************************##
## Static
network --bootproto=static --device=enp1s6 --gateway=192.168.1.2 --ip=192.168.1.10 --nameserver=192.168.1.2 --netmask=255.255.255.0 --noipv6 --activate
network --hostname=localhost.localdomain
## Dynamic
# network --bootproto=dhcp --noipv6 --activate
# network --hostname=localhost.localdomain
## Dynamic NNSERVER
# network --bootproto=dhcp --noipv6 --activate
# network --hostname=localhost.nnserver
## System timezone
timezone Europe/Kiev --isUtc --ntpservers=ua.pool.ntp.org,0.centos.pool.ntp.org,1.centos.pool.ntp.org,2.centos.pool.ntp.org,3.centos.pool.ntp.org
##***********************##
## -User settings follow- ##
## -Add ssh user key- ##
##***********************##
## Root password ###
## NOTE(review): the SHA-512 crypt hashes below are stored in this file, so
## anyone who can read the kickstart can attack them offline. Keep kickstarts
## out of shared/public locations and rotate these passwords after install.
rootpw --iscrypted $6$f2n6gO8NYOQ/wI5.$zaDGRl7tO5GHu16KsdNtwWJcgj4nEnw3Ytjvwr591y48ABxWnazD/M.MsyiccOBqtGfrsgMoxaISS3YiOHhxb/
user --groups=wheel --name=admin --password=$6$YuSrk/AgCfc1C1n7$61Yg/tsJch5nTjZj0SH0YUOmK9rAMWan6TDGH1xi85lYAqTIChdgbsjh/in693mq7Bp/yk9d6vTL0VBJ0Ba7o1 --iscrypted --gecos="Admin"
## Run an ssh server during the installation. Requires the kernel boot option inst.sshd.
## sshpw applies to the installer environment only; it reuses the root hash above.
sshpw --username=root $6$f2n6gO8NYOQ/wI5.$zaDGRl7tO5GHu16KsdNtwWJcgj4nEnw3Ytjvwr591y48ABxWnazD/M.MsyiccOBqtGfrsgMoxaISS3YiOHhxb/ --iscrypted
## SSHkey ed25519
sshkey --username=root "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKp3bxeApwQec9N6DaIP1Iq3o7Ks4jcL66wHi1YdqkFC root"
sshkey --username=admin "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3nyIJFszoNVmLolr3gV+yOJyCT+0ImsOH/C3rZloR4 admin"
## SSHkey RSA
#sshkey --username=admin "ssh-rsa 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 admin"
#sshkey --username=root "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0zeUtIOS32Ja6dTLWyMfP3I3dObm6YWVKUak7z7KjGVuMg45xFgvg8+dzbbyH0O59I1Cxd8CsrVc7lnE1SoJqOs8N2RW82tXEfmBUlLurWmsYbGi0ZUrXnL0Yl95eiZeVQk+sLBynFfsVkbF/UCiHlkOK8srIZrXNtR8xHLQqZ+S/9EsLTOIqN2qc+5C0NNdZp1DPiMvTxq088ktNwAwt6kz4AWNxEV6OFvpFmXQhr9daDxgEXJ2WXQVSaJziEL9iDj9u4xNK17VXsSxK9fEk/qgBiiUd0mzZGNW1RVPaN6EkockTLtPtI/AiVWs3fQVCua5Guke/w4Ix/ycpcWQ3 root"
##***********************##
#*
#* rootpw --lock # -- forbid logging in to the server as root
#-$ python -c 'import crypt; print(crypt.crypt("My Password", "$6$My Salt"))'
#*
#* The root and admin password hashes can be generated in advance:
#* python -c "import crypt,random,string; print crypt.crypt(\"my_password\", '\$6\$' + ''.join([random.choice(string.ascii_letters + string.digits) for _ in range(16)]))" ;
#* (this second snippet uses the Python 2 `print` statement)
#*
##***********************##
##***********************##
## -System services- ##
## Disable unneeded services and enable the required ones ##
##***********************##
# services --disabled=autofs,alsa-state,avahi-daemon,bluetooth,pcscd,cachefilesd,colord,fancontrol,fcoe,firewalld,firstboot-graphical,gdm,httpd,initial-setup,initial-setup-text,initial-setup-graphical,initial-setup-reconfiguration,kdump,libstoragemgmt,ModemManager,tog-pegasus,tmp.mount,tuned \
# --enabled=bacula-fd,chronyd,edac,gpm,numad,rsyslog,sendmail,smartd,sm-client,sssd,zabbix-agent
#services --disabled=NetworkManager
services --enabled="chronyd"
## Firewall rule
## (the commented alternatives here and in %post use 22822 for the ssh port,
## while the commented sshd_config edit in %post uses 43389 -- pick one)
# firewall --enabled --port=22822:tcp
# firewall --disabled --service=ssh
##***********************##
## -Disk partitioning- ##
##***********************##
## Re-initialise the disk label (recommended for unattended installs)
zerombr
## System bootloader configuration
## NOTE(review): no --password is given, so the GRUB menu is editable at boot.
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda
## Automatic disk partitioning
# autopart --type=lvm
part biosboot --fstype="biosboot" --ondisk=sda --size=2
part pv.699 --fstype="lvmpv" --ondisk=sda --size=304220
part /boot --fstype="ext4" --ondisk=sda --size=1022 --label=BOOT
volgroup nnserver --pesize=4096 pv.699
logvol swap --fstype="swap" --size=8196 --name=swap --vgname=nnserver
logvol /home --fstype="xfs" --size=184320 --label="HOME" --name=home --vgname=nnserver
logvol / --fstype="xfs" --size=111700 --label="ROOT" --name=root --vgname=nnserver
##***********************##
#*
#* grow - tells the anaconda installer to make the partition as large as possible.
#* pv.699 - not used after installation
#*
##***********************##
## Partition clearing information
clearpart --all --initlabel --drives=sda
##**************************##
## -Package installation- ##
##**************************##
## packages install
%packages
@^minimal
@core
aide
chrony
esc
kexec-tools
libreswan
openscap
openscap-scanner
pam_pkcs11
scap-security-guide
sudo
%end
##***********************##
## -Select profile- ##
##***********************##
## Applies the SCAP PCI-DSS profile at install time. Its remediation may
## tighten settings chosen elsewhere in this file (e.g. the pwpolicy below).
%addon org_fedora_oscap
content-type = scap-security-guide
profile = xccdf_org.ssgproject.content_profile_pci-dss
%end
##***********************##
## -KDump- ##
##***********************##
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end
##***********************##
## -Policy- ##
##***********************##
## Installer password policy only (--nochanges). --notstrict lets the
## installer accept passwords that fail the quality check.
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
##***********************##
## -Post-installation- ##
##***********************##
%post
# yum install -y policycoreutils-python
## Grants admin passwordless root via sudo. NOTE(review): files under
## /etc/sudoers.d should be mode 0440 and validated with `visudo -cf`;
## this line appends and leaves the default umask permissions.
echo "admin ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/admin
## Change ssh port
# /usr/bin/sed -i "s%#Port 22%Port 43389%g" "/etc/ssh/sshd_config"
# /usr/bin/sed -i "s%#PermitRootLogin yes%PermitRootLogin no%g" "/etc/ssh/sshd_config"
# /sbin/semanage port -a -t ssh_port_t -p tcp 22822
# /usr/bin/firewall-cmd --permanent --zone=public --remove-service=ssh
%end
##***********************##
## -Reboot after installation- ##
##***********************##
## Reboot and eject the media (when installing from DVD) before rebooting.
# reboot --eject
## Reboot into the new system with a kexec kernel switch instead of a full reboot, bypassing BIOS/firmware and the bootloader.
reboot --kexec
## Disabled: the %pre script that would generate /tmp/part-include is not part of this file.
# %include /tmp/part-include
# ESXi scripted install: accept the EULA, install to the first local disk,
# set a static management address, reboot, then run the %firstboot script.
accepteula
# --overwritevmfs: an existing VMFS datastore on the chosen disk is destroyed.
install --firstdisk=localesx,usb --ignoressd --overwritevmfs
# NOTE(review): the crypt hash is stored in this file; anyone who can read the
# kickstart can attack it offline. Rotate the root password after deployment.
rootpw --iscrypted $6$zVUeVt1o$QXe1FD0ap1V..SnhD5XZtbNA4RmqYz8SP7RAcFYXbP5t4w20
# Placeholder license key; replace before use.
serialnum --esx=YOURL-ICENS-ENUMB-ERFOR-VMWARE
reboot
network --addvmportgroup=1 --bootproto=static --ip=10.200.21.160 --gateway=10.200.21.254 --netmask=255.255.255.0 --hostname=esxprd00 --nameserver=10.11.12.13
# Everything below runs once, on the first boot, under busybox ash.
%firstboot --interpreter=busybox
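###
### %firstboot: one-shot host configuration under busybox ash.
### Sets hostname/DNS, enables shell+SSH, creates a local VMFS6 datastore,
### configures vSwitch0/vmk0, NFS, NTP, syslog/scratch/coredump locations,
### then enters maintenance mode and reboots.
###
### DNS and Routing
###
### Site-specific identity; the FQDN is assembled from vName and vDom.
vName="esxprd00"
vDNS1="10.11.12.13"
vDNS2="10.11.12.14"
vDom="your.internal.domain.com"
esxcli system hostname set --fqdn="${vName}.${vDom}"
esxcli network ip dns server add --server="${vDNS1}"
esxcli network ip dns server add --server="${vDNS2}"
esxcli network ip dns search add --domain="${vDom}"
###
### Enable & Start ESXi Shell (TSM) & SSH (TSM-SSH)
###
### Both services widen the host's remote attack surface; hardening guidance
### normally keeps them disabled outside maintenance windows.
vim-cmd hostsvc/enable_esx_shell
vim-cmd hostsvc/start_esx_shell
vim-cmd hostsvc/enable_ssh
vim-cmd hostsvc/start_ssh
###
### Create local datastore (VMFS6) & mark it SSD
###
vDS="LocalSSD-00"

#######################################
# Wipe the single naa.* local disk, create a VMFS6 datastore on it and tag the
# device as SSD. partedUtil setptbl destroys whatever is on the disk, so the
# function refuses to guess and skips (message on stderr) unless exactly one
# whole-disk candidate is found.
# Arguments: $1 - datastore name
# Returns:   0 when the datastore commands were issued, 1 when skipped
#######################################
create_local_datastore() {
  local ds_name=$1
  local naa="" naa_count=0 dev end_sector
  for dev in /vmfs/devices/disks/naa.*; do
    # An unmatched glob stays literal; -e drops it.
    [ -e "${dev}" ] || continue
    case "${dev##*/}" in
      *:*) continue ;;   # partition node (naa.X:1), not a whole disk
    esac
    naa="${dev##*/}"
    naa_count=$((naa_count + 1))
  done
  if [ "${naa_count}" -ne 1 ]; then
    echo "firstboot: expected one naa.* disk, found ${naa_count}; skipping datastore ${ds_name}" >&2
    return 1
  fi
  # partedUtil getptbl prints the label type on line 1 and the geometry
  # "<cylinders> <heads> <sectors> <total>" on line 2. The last usable sector
  # is cyl*heads*sectors - 1; awk does the arithmetic, so no eval/expr.
  end_sector="$(partedUtil getptbl "/vmfs/devices/disks/${naa}" | sed -n '2p' | awk '{ printf "%d\n", $1 * $2 * $3 - 1 }')"
  # The partition starts at 2048, so anything at or below that is garbage.
  if [ -z "${end_sector}" ] || [ "${end_sector}" -le 2048 ]; then
    echo "firstboot: could not read geometry of ${naa}; skipping datastore ${ds_name}" >&2
    return 1
  fi
  partedUtil setptbl "/vmfs/devices/disks/${naa}" "gpt" "1 2048 ${end_sector} AA31E02A400F11DB9590000C2911D1B8 0"
  vmkfstools -C vmfs6 -b 1m -S "${ds_name}" "/vmfs/devices/disks/${naa}:1"
  esxcli storage nmp satp rule add -s VMW_SATP_LOCAL -d "${naa}" -o enable_ssd
  esxcli storage core claiming reclaim -d "${naa}"
}

create_local_datastore "${vDS}"
###
### vSS configuration
###
vSS="vSwitch0"
vUPlink1="vmnic0"
vUPlink2="vmnic1"
### Contains a space: must stay double-quoted in every esxcli call below.
PG_MGMT="Management Network"
VMK0_IP=10.200.21.160
### Uplinks ###
esxcli network vswitch standard uplink add --uplink-name="${vUPlink1}" --vswitch-name="${vSS}"
esxcli network vswitch standard uplink add --uplink-name="${vUPlink2}" --vswitch-name="${vSS}"
### CDP ###
esxcli network vswitch standard set --cdp-status=down --mtu=1500 --vswitch-name="${vSS}"
### Default vSS Policies ###
esxcli network vswitch standard policy failover set --active-uplinks="${vUPlink1},${vUPlink2}" --failback yes --failure-detection=link --load-balancing=portid --notify-switches yes --vswitch-name="${vSS}"
### Forged transmits and MAC changes are accepted here; hardening guides
### generally recommend rejecting both unless a workload needs them.
esxcli network vswitch standard policy security set --allow-forged-transmits yes --allow-mac-change yes --allow-promiscuous no --vswitch-name="${vSS}"
esxcli network vswitch standard policy shaping set --enabled false --vswitch-name="${vSS}"
### Default PG Policies ###
esxcli network vswitch standard portgroup policy failover set --active-uplinks="${vUPlink1},${vUPlink2}" --portgroup-name="${PG_MGMT}"
### VMkernel ports ###
esxcli network ip interface add --interface-name=vmk0 --mtu=1500 --portgroup-name="${PG_MGMT}"
esxcli network ip interface ipv4 set --interface-name=vmk0 --ipv4="${VMK0_IP}" --netmask=255.255.255.0 --type=static
esxcli network ip interface tag add -i vmk0 -t Management
### Disable IPv6 ###
esxcli system module parameters set -m tcpip4 -p ipv6=0
###
### Mount NFS datastore
###
esxcli storage nfs add --host "nfs1.${vDom}" --share /share1 --volume-name NFSDS1
###
### Time Configuration
###
### NTP1/NTP2 are placeholders; ntpd will not sync until they are replaced.
### The delimiter is quoted: the file body is written literally.
cat > /etc/ntp.conf << '__NTP_CONFIG__'
restrict default kod nomodify notrap nopeer
restrict 127.0.0.1
server NTP1
server NTP2
driftfile /etc/ntp.drift
__NTP_CONFIG__
/sbin/chkconfig ntpd on
###
### ESXi Advanced Settings
###
### Suppress ESXi Shell Warning ###
### Hides the "shell/SSH enabled" banner rather than addressing its cause.
esxcli system settings advanced set -o /UserVars/SuppressShellWarning -i 1
### Set shared VMTools location ###
esxcli system settings advanced set -o /UserVars/ProductLockerLocation -s /vmfs/volumes/NFSDS1/productLocker
### Syslog.global.logDir ###
### First VMFS volume listed; more than one would otherwise yield a
### multi-line value and a broken --logdir argument.
vVol="$(esxcli storage filesystem list | awk '/VMFS/ { print $1; exit }')"
if [ -n "${vVol}" ]; then
  esxcli system syslog config set --logdir="${vVol}/logdir"
else
  echo "firstboot: no VMFS volume found; syslog logdir left unchanged" >&2
fi
### Scratch location ###
vScratchDir="scratch"
mkdir -p "/vmfs/volumes/${vDS}/${vScratchDir}"
vim-cmd hostsvc/advopt/update ScratchConfig.ConfiguredScratchLocation string "/vmfs/volumes/${vDS}/${vScratchDir}"
### Network Coredump location ###
VCIP="10.200.21.1"
esxcli system coredump network set -v vmk0 -i "${VCIP}" -o 6500
esxcli system coredump network set -e true
###
### Enter maintenance mode
###
esxcli system maintenanceMode set -e true
###
### Copy %firstboot script logs to persistent datastore
###
cp /var/log/hostd.log "/vmfs/volumes/${vDS}/1boot-hostd.log"
cp /var/log/esxi_install.log "/vmfs/volumes/${vDS}/1boot-install.log"
###
### Needed for configuration changes that could not be performed in esxcli
###
esxcli system shutdown reboot -d 60 -r "1boot"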