kickstart
%pre
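#!/bin/sh
# %pre: enumerate IDE disks from /proc/ide and write a kickstart partition
# scheme to /tmp/part-include, to be pulled in with "%include /tmp/part-include".
# Only /proc/ide/h* (IDE hd*) devices are examined; SATA/SCSI disks (sd*) are
# not seen by this probe, so on such hosts it falls through to the 1-drive scheme.
part_file=/tmp/part-include
hds=""
mymedia=""
for file in /proc/ide/h*; do
  # With no /proc/ide entries the glob stays literal; skip unreadable entries
  # instead of letting cat fail and treating the empty result as "not a disk".
  [ -r "$file/media" ] || continue
  mymedia=$(cat "$file/media")
  # POSIX test uses a single "="; the expansion is quoted so an empty value
  # cannot turn into a missing operand.
  if [ "$mymedia" = "disk" ]; then
    hds="$hds $(basename "$file")"
  fi
done
# "set --" is required here: a bare "set" with an empty list prints every
# shell variable instead of (re)setting the positional parameters.
set -- $hds
numhd=$#
drive1=${1:-}
# drive2 is not referenced by either scheme below; kept for parity with the
# original variable set.
drive2=${2:-}

# Write out the partition scheme based on whether there are 1 or 2 hard drives.
# Each scheme is written through a single redirection so the file always holds
# exactly one complete scheme.
if [ "$numhd" = "2" ]; then
  # 2 drives
  # NOTE(review): /boot, / and /home are pinned to hda/hdb while swap uses the
  # detected $drive1; if the detected disks are not hda/hdb the scheme refers
  # to devices that do not exist — confirm this is intended.
  {
    echo "#partitioning scheme generated in %pre for 2 drives"
    echo "clearpart --all"
    echo "part /boot --fstype ext3 --size 75 --ondisk hda"
    echo "part / --fstype ext3 --size 1 --grow --ondisk hda"
    echo "part swap --recommended --ondisk $drive1"
    echo "part /home --fstype ext3 --size 1 --grow --ondisk hdb"
  } > "$part_file"
else
  # 1 drive (or none detected)
  {
    echo "#partitioning scheme generated in %pre for 1 drive"
    echo "clearpart --all"
    # Fixed: this line previously went to /tmp/part-includ (typo), so /boot
    # was silently missing from the generated scheme.
    echo "part /boot --fstype ext3 --size 75"
    echo "part swap --recommended"
    echo "part / --fstype ext3 --size 2048"
    echo "part /home --fstype ext3 --size 2048 --grow"
  } > "$part_file"
fi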
##***********************##
## ks.cfg ##
## minimal ##
##***********************##
#version=DEVEL
## System authorization information
auth --enableshadow --passalgo=sha512
##*****************##
## Install OS instead of upgrade
# upgrade
install
## License agreement
eula --agreed
## Use CDROM installation media ##
cdrom
## Use network installation ##
# url --url="https://mirror.yandex.ru/centos/7/os/x86_64"
# url --url="http://mirror.mirohost.net/centos/7/os/x86_64"
# url --url="http://mirrors.bytes.ua/centos/7/os/x86_64"
## Use graphical install
# graphical
## Use command-line mode install
# cmdline
## Use text mode install
text
## Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=sda
##*****************##
## Keyboard layouts
keyboard --vckeymap=us --xlayouts='us','ru' --switch='grp:ctrl_shift_toggle'
##*****************##
## System language
lang ru_UA.UTF-8
##***************************##
## --Network information-- ##
##***************************##
## Static
network --bootproto=static --device=enp1s6 --gateway=192.168.1.2 --ip=192.168.1.10 --nameserver=192.168.1.2 --netmask=255.255.255.0 --noipv6 --activate
network --hostname=localhost.localdomain
## Dynamic
# network --bootproto=dhcp --noipv6 --activate
# network --hostname=localhost.localdomain
## Dynamic NNSERVER
# network --bootproto=dhcp --noipv6 --activate
# network --hostname=localhost.nnserver
## System timezone
timezone Europe/Kiev --isUtc --ntpservers=ua.pool.ntp.org,0.centos.pool.ntp.org,1.centos.pool.ntp.org,2.centos.pool.ntp.org,3.centos.pool.ntp.org
##***********************##
## -Затем идут параметры пользователей- ##
## -Add ssh user key- ##
##***********************##
## Root password ###
rootpw --iscrypted $6$f2n6gO8NYOQ/wI5.$zaDGRl7tO5GHu16KsdNtwWJcgj4nEnw3Ytjvwr591y48ABxWnazD/M.MsyiccOBqtGfrsgMoxaISS3YiOHhxb/
user --groups=wheel --name=admin --password=$6$YuSrk/AgCfc1C1n7$61Yg/tsJch5nTjZj0SH0YUOmK9rAMWan6TDGH1xi85lYAqTIChdgbsjh/in693mq7Bp/yk9d6vTL0VBJ0Ba7o1 --iscrypted --gecos="Admin"
## запуск ssh-сервера во время установки. Добавить опцию загрузки ядра inst.sshd
sshpw --username=root $6$f2n6gO8NYOQ/wI5.$zaDGRl7tO5GHu16KsdNtwWJcgj4nEnw3Ytjvwr591y48ABxWnazD/M.MsyiccOBqtGfrsgMoxaISS3YiOHhxb/ --iscrypted
## SSHkey ed25519
sshkey --username=root "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKp3bxeApwQec9N6DaIP1Iq3o7Ks4jcL66wHi1YdqkFC root"
sshkey --username=admin "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO3nyIJFszoNVmLolr3gV+yOJyCT+0ImsOH/C3rZloR4 admin"
## SSHkey RSA
#sshkey --username=admin "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDZoXrV4vQeM3qxRni+CAA6i8+Cvr1ql+MxyUiZ/H7CbzVGZ4hlNuEW2dR6ItG5XAaYxHSCXjnRqBd5VonV9oD5wLNNc5GaPz12aC2W6qzWXyQqfiU6mH9isTTPtxVxSQ5WlbZhOYxx9yxFudciCoycOLHopsRgFNQWQvEuFiJu67qihxU8vUcyU0uxr2Y7qXcAYdzr/QFmfU5r+Lv99T7GaGBJl5jJF6PJ/7lROZR/d00kORD522s8ubej5eonK6KpOpfTYBTI3jf6hmuUte3gwArPEzessmgMOYAPXONz8qqTOLVjFiO6iuXp6ldx5qp0j8aE+iQj6+8NX47vLOhTP6uKEAGBR/MgaG77iJIEF2weA/Ew9n0zLI4eyBTgZY1+LD1pc0aMy7+KMa8+ef1SX34MurGef4y7MgAKFQ5hsuR12FMhYXkrT0+qJtWZXWW6uXqKXCDT6xoHvZw3ZLpoL29MBrDqCPnpxlhetsDDTDlh44VKcM3alxYSn+OjTFdLYcfuAAN9/WPi5sTbV9Qr8MgQY45LbPY2VF41qHC35UEklJqFj15xrr3R3FPzcfDIGOpqXCFmO/zO6FuPH1T3RK2iztGEAjcrVOhvNZ+AYQOzYJYxCwQeZ02H6eCd3Kfj151fUKQbhCwae0ZQG93wYoqPtasfL754q8TZowA1Rw== admin"
#sshkey --username=root "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0zeUtIOS32Ja6dTLWyMfP3I3dObm6YWVKUak7z7KjGVuMg45xFgvg8+dzbbyH0O59I1Cxd8CsrVc7lnE1SoJqOs8N2RW82tXEfmBUlLurWmsYbGi0ZUrXnL0Yl95eiZeVQk+sLBynFfsVkbF/UCiHlkOK8srIZrXNtR8xHLQqZ+S/9EsLTOIqN2qc+5C0NNdZp1DPiMvTxq088ktNwAwt6kz4AWNxEV6OFvpFmXQhr9daDxgEXJ2WXQVSaJziEL9iDj9u4xNK17VXsSxK9fEk/qgBiiUd0mzZGNW1RVPaN6EkockTLtPtI/AiVWs3fQVCua5Guke/w4Ix/ycpcWQ3 root"
##***********************##
#*
#* rootpw --lock # — запрет подключения к серверу root-ом
#-$ python -c 'import crypt; print(crypt.crypt("My Password", "$6$My Salt"))'
#*
#* Пароль пользователя root и админа можно сгенерировать заранее:
#* python -c "import crypt,random,string; print crypt.crypt(\"my_password\", '\$6\$' + ''.join([random.choice(string.ascii_letters + string.digits) for _ in range(16)]))" ;
#*
##***********************##
##***********************##
## -System services- ##
## убрать лишние сервисы и добавить нужные ##
##***********************##
# services --disabled=autofs,alsa-state,avahi-daemon,bluetooth,pcscd,cachefilesd,colord,fancontrol,fcoe,firewalld,firstboot-graphical,gdm,httpd,initial-setup,initial-setup-text,initial-setup-graphical,initial-setup-reconfiguration,kdump,libstoragemgmt,ModemManager,tog-pegasus,tmp.mount,tuned \
# --enabled=bacula-fd,chronyd,edac,gpm,numad,rsyslog,sendmail,smartd,sm-client,sssd,zabbix-agent
#services --disabled=NetworkManager
services --enabled="chronyd"
## Firewall rule
# firewall --enabled --port=22822:tcp
# firewall --disabled --service=ssh
##***********************##
## -разбивка диска- ##
##***********************##
## Повторная инициализация диска (рекомендуется при автоматической установке)
zerombr
## System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda
## Автоматическая разметка диска
# autopart --type=lvm
part biosboot --fstype="biosboot" --ondisk=sda --size=2
part pv.699 --fstype="lvmpv" --ondisk=sda --size=304220
part /boot --fstype="ext4" --ondisk=sda --size=1022 --label=BOOT
volgroup nnserver --pesize=4096 pv.699
logvol swap --fstype="swap" --size=8196 --name=swap --vgname=nnserver
logvol /home --fstype="xfs" --size=184320 --label="HOME" --name=home --vgname=nnserver
logvol / --fstype="xfs" --size=111700 --label="ROOT" --name=root --vgname=nnserver
##***********************##
#*
#* grow - Эта команда указывает установщику anaconda создать максимально большой раздел.
#* pv.699 - не используется после установки
#*
##***********************##
## Partition clearing information
clearpart --all --initlabel --drives=sda
##**************************##
## -Package installation- ##
##**************************##
## packages install
%packages
@^minimal
@core
aide
chrony
esc
kexec-tools
libreswan
openscap
openscap-scanner
pam_pkcs11
scap-security-guide
sudo
%end
##***********************##
## -Select profile- ##
##***********************##
%addon org_fedora_oscap
content-type = scap-security-guide
profile = xccdf_org.ssgproject.content_profile_pci-dss
%end
##***********************##
## -KDump- ##
##***********************##
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end
##***********************##
## -Policy- ##
##***********************##
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
##***********************##
## -Policy- ##
##***********************##
%post
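# yum install -y policycoreutils-python
# Grant the "admin" account passwordless sudo through a sudoers.d drop-in.
# sudo ignores drop-ins that are group/world-writable or not owned by root, so
# the canonical 0440 mode is set explicitly instead of relying on the %post
# umask, and the file is syntax-checked so a malformed drop-in is caught here
# rather than when sudo later refuses to parse its configuration.
mkdir -p /etc/sudoers.d
printf '%s\n' "admin ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/admin
chmod 0440 /etc/sudoers.d/admin
visudo -cf /etc/sudoers.d/admin
## Change ssh port
# /usr/bin/sed -i "s%#Port 22%Port 43389%g" "/etc/ssh/sshd_config"
# /usr/bin/sed -i "s%#PermitRootLogin yes%PermitRootLogin no%g" "/etc/ssh/sshd_config"
# /sbin/semanage port -a -t ssh_port_t -p tcp 22822
# /usr/bin/firewall-cmd --permanent --zone=public --remove-service=ssh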
%end
##***********************##
## -Reboot after installation- ##
##***********************##
## Перезагрузка с извлечением носителя (при установке с DVD) перед перезагрузкой.
# reboot --eject
## Перезагрузка в новую систему с kexec-переключением ядра вместо полной перезагрузки, в обход BIOS/прошивки и загрузчика
reboot --kexec
# %include /tmp/part-include
accepteula
install --firstdisk=localesx,usb --ignoressd --overwritevmfs
rootpw --iscrypted $6$zVUeVt1o$QXe1FD0ap1V..SnhD5XZtbNA4RmqYz8SP7RAcFYXbP5t4w20
serialnum --esx=YOURL-ICENS-ENUMB-ERFOR-VMWARE
reboot
network --addvmportgroup=1 --bootproto=static --ip=10.200.21.160 --gateway=10.200.21.254 --netmask=255.255.255.0 --hostname=esxprd00 --nameserver=10.11.12.13
%firstboot --interpreter=busybox
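###
### %firstboot (busybox ash): one-time host configuration on the first boot
### after installation. Every step is an esxcli/vim-cmd side effect on the
### host; values duplicated from the kickstart header (hostname, vmk0 IP,
### DNS) have to be kept in sync by hand.
###
### DNS and Routing
###
vName="esxprd00"
vDNS1="10.11.12.13"
vDNS2="10.11.12.14"
vDom="your.internal.domain.com"
esxcli system hostname set --fqdn="${vName}.${vDom}"
esxcli network ip dns server add --server="${vDNS1}"
esxcli network ip dns server add --server="${vDNS2}"
esxcli network ip dns search add --domain="${vDom}"
###
### Enable & Start ESXi Shell (TSM) & SSH (TSM-SSH)
###
### Both services stay enabled permanently. ESXi hardening guidance treats a
### running shell/SSH service as a finding; the usual pattern is to enable
### them only for the %firstboot work and disable them again at the end
### (vim-cmd hostsvc/disable_ssh, vim-cmd hostsvc/disable_esx_shell).
### Kept as written.
vim-cmd hostsvc/enable_esx_shell
vim-cmd hostsvc/start_esx_shell
vim-cmd hostsvc/enable_ssh
vim-cmd hostsvc/start_ssh
###
### Create local datastore (VMFS6) & mark it SSD
###
vDS="LocalSSD-00"
# Select the local disk by its naa.* device name; partition entries such as
# naa.xxx:1 are excluded by the anchored regex. This assumes exactly one naa.*
# device — with several, NAA becomes multi-line and partedUtil fails.
# partedUtil setptbl overwrites the partition table of the selected device,
# so confirm the selection before running this on a host holding data.
NAA="$(ls /vmfs/devices/disks/ | grep -E 'naa\.\w+$')"
# For a disk with no partitions the last getptbl line is the geometry
# "C H S total"; the last usable sector is C*H*S - 1. Shell arithmetic
# replaces the previous eval/expr construction.
GEOM="$(partedUtil getptbl "/vmfs/devices/disks/${NAA}" | tail -1)"
set -- $GEOM
END_SECTOR=$(( $1 * $2 * $3 - 1 ))
partedUtil setptbl "/vmfs/devices/disks/${NAA}" "gpt" "1 2048 ${END_SECTOR} AA31E02A400F11DB9590000C2911D1B8 0"
vmkfstools -C vmfs6 -b 1m -S "${vDS}" "/vmfs/devices/disks/${NAA}:1"
esxcli storage nmp satp rule add -s VMW_SATP_LOCAL -d "${NAA}" -o enable_ssd
esxcli storage core claiming reclaim -d "${NAA}"
###
### vSS configuration
###
vSS="vSwitch0"
vUPlink1="vmnic0"
vUPlink2="vmnic1"
PG_MGMT="Management Network"
# Same address as --ip on the kickstart "network" line; keep the two in sync.
VMK0_IP=10.200.21.160
### Uplinks ###
esxcli network vswitch standard uplink add --uplink-name="${vUPlink1}" --vswitch-name="${vSS}"
esxcli network vswitch standard uplink add --uplink-name="${vUPlink2}" --vswitch-name="${vSS}"
### CDP ###
esxcli network vswitch standard set --cdp-status=down --mtu=1500 --vswitch-name="${vSS}"
### Default vSS Policies ###
esxcli network vswitch standard policy failover set --active-uplinks="${vUPlink1},${vUPlink2}" --failback yes --failure-detection=link --load-balancing=portid --notify-switches yes --vswitch-name="${vSS}"
# Forged transmits and MAC-address changes are explicitly allowed here.
# ESXi hardening guidance is to reject both unless a workload needs them
# (nested virtualization, some clustering/NLB setups); promiscuous mode is
# rejected. Kept as written.
esxcli network vswitch standard policy security set --allow-forged-transmits yes --allow-mac-change yes --allow-promiscuous no --vswitch-name="${vSS}"
esxcli network vswitch standard policy shaping set --enabled false --vswitch-name="${vSS}"
### Default PG Policies ###
# PG_MGMT contains a space: the expansion must be quoted, otherwise ash splits
# it into "--portgroup-name=Management" and a stray "Network" argument.
esxcli network vswitch standard portgroup policy failover set --active-uplinks="${vUPlink1},${vUPlink2}" --portgroup-name="${PG_MGMT}"
### VMkernel ports ###
esxcli network ip interface add --interface-name=vmk0 --mtu=1500 --portgroup-name="${PG_MGMT}"
esxcli network ip interface ipv4 set --interface-name=vmk0 --ipv4="${VMK0_IP}" --netmask=255.255.255.0 --type=static
esxcli network ip interface tag add -i vmk0 -t Management
### Disable IPv6 ###
esxcli system module parameters set -m tcpip4 -p ipv6=0
###
### Mount NFS datastore
###
esxcli storage nfs add --host "nfs1.${vDom}" --share /share1 --volume-name NFSDS1
###
### Time Configuration
###
# NTP1/NTP2 are placeholders to be replaced with real server names or
# addresses. The delimiter is quoted so nothing in the body is expanded.
cat > /etc/ntp.conf << '__NTP_CONFIG__'
restrict default kod nomodify notrap nopeer
restrict 127.0.0.1
server NTP1
server NTP2
driftfile /etc/ntp.drift
__NTP_CONFIG__
/sbin/chkconfig ntpd on
###
### ESXi Advanced Settings
###
### Suppress ESXi Shell Warning ###
# The warning exists because the shell/SSH services enabled above are running;
# this silences it rather than resolving it.
esxcli system settings advanced set -o /UserVars/SuppressShellWarning -i 1
### Set shared VMTools location ###
esxcli system settings advanced set -o /UserVars/ProductLockerLocation -s /vmfs/volumes/NFSDS1/productLocker
### Syslog.global.logDir ###
# Assumes a single VMFS volume; with more than one, vVol is multi-line and
# not necessarily ${vDS}.
vVol="$(esxcli storage filesystem list | grep VMFS | awk '{print $1}')"
esxcli system syslog config set --logdir="${vVol}/logdir"
### Scratch location ###
vScratchDir="scratch"
mkdir -p "/vmfs/volumes/${vDS}/${vScratchDir}"
vim-cmd hostsvc/advopt/update ScratchConfig.ConfiguredScratchLocation string "/vmfs/volumes/${vDS}/${vScratchDir}"
### Network Coredump location ###
VCIP="10.200.21.1"
esxcli system coredump network set -v vmk0 -i "${VCIP}" -o 6500
esxcli system coredump network set -e true
###
### Enter maintenance mode
###
esxcli system maintenanceMode set -e true
###
### Copy %firstboot script logs to persistent datastore
###
cp /var/log/hostd.log "/vmfs/volumes/${vDS}/1boot-hostd.log"
cp /var/log/esxi_install.log "/vmfs/volumes/${vDS}/1boot-install.log"
###
### Needed for configuration changes that could not be performed in esxcli
###
esxcli system shutdown reboot -d 60 -r "1boot"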