Created
August 25, 2020 16:01
-
-
Save wmariuss/ce6da432b10b44dc490632a6d6dd4e3c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# System authorization information | |
auth --enableshadow --passalgo=sha512 | |
# Use CDROM installation media | |
install | |
cdrom | |
# System language | |
lang en_GB.UTF-8 | |
# Keyboard layouts | |
keyboard --vckeymap=gb --xlayouts='gb' | |
# Root password | |
rootpw --iscrypted MiVcjRNTyXvZs | |
# Disable firewalld | |
firewall --disabled | |
# Set SElinux to permissive | |
selinux --permissive | |
# System timezone | |
timezone Europe/London --isUtc | |
# Set bootloader to use MBR partition and disable Meltdown and Spectre mechanisms | |
bootloader --location=mbr --append="nopti noibrs noibpb crashkernel=auto" --boot-drive=sda --iscrypted --password=grub.pbkdf2.sha512.10000.97A6C78DA019E010342C2AB7AC2B49FA0F46A00BA163849DF323C40C21E325282D16F8C6FD09DC4F25FA8A40EA38A18EB2F058B2BBB1BDCCE9B98058A2C73AA4.279C2913892DDCC11E3DF99A7C3165E3843A4A3551C2A67A749DE1CB915307D63780B79FB2E261C57DC06D96B3EC1B84505BB23D8A27BF4ECD108E3964FA612E | |
# Use text installation mode | |
text | |
# Disable X | |
skipx | |
# Avoid manual confirmation of partitions removal | |
zerombr | |
# Partition clearing information | |
clearpart --all --initlabel --drives=sda | |
# Disk partitioning information | |
part /boot --fstype="xfs" --size=512 | |
part pv.00 --fstype="lvmpv" --size=22528 --ondisk=sda --grow | |
volgroup centos pv.00 | |
logvol / --fstype="ext4" --size=10240 --name=root --vgname=centos | |
logvol /home --fstype="ext4" --size=1024 --name=home --vgname=centos | |
logvol swap --recommended --fstype="swap" --name=swap --vgname=centos | |
logvol /opt --fstype="ext4" --size=2048 --name=opt --vgname=centos | |
logvol /var --fstype="ext4" --size=4096 --name=var --vgname=centos | |
# Disable the Setup Agent on first boot | |
firstboot --disabled | |
# Accept the End User License Agreement (EULA) | |
eula --agreed | |
# Enable NetworkManager and sshd | |
services --enabled=NetworkManager,sshd,chronyd | |
# Repo information | |
repo --name=base --baseurl=http://mirror.centos.org/centos/8/BaseOS/x86_64/os | |
repo --name=appstream --baseurl=http://mirror.centos.org/centos/8/AppStream/x86_64/os/ | |
repo --name=epel --baseurl=https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/ | |
repo --name=extras --baseurl=http://mirror.centos.org/centos/8/extras/x86_64/os/ | |
# Enable kdump | |
%addon com_redhat_kdump --enable --reserve-mb='auto' | |
%end | |
# Reboot server for the first time | |
reboot --eject | |
# Packages information | |
%packages --ignoremissing | |
@^minimal | |
@core | |
chrony | |
-biosdevname | |
-iwl*firmware | |
-iprutils | |
-alsa-* | |
-plymouth* | |
%end | |
%include /tmp/network.ks | |
# Pre installation information | |
%pre --log=/root/ks-pre.log | |
# Figure out the name of the interface and activate as DHCP | |
ip addr | grep -i broadcast | awk '{ print $2 }' > /tmp/interface | |
sed -i 's/:/\ /g' /tmp/interface | |
interface=`cat /tmp/interface` | |
ns="10.0.11.1,10.0.11.2" | |
echo "network --hostname=template-centos8 --bootproto=dhcp --device=$interface --ipv6=auto --activate" >>/tmp/network.ks | |
echo "nameserver $ns" >>/etc/resolv.conf | |
%end | |
# Post installation information | |
%post --log=/root/anaconda-ks-post.log | |
# Remove Redhat/Centos7 naming convention | |
sed -i 's/^GRUB_CMDLINE_LINUX="[^"]*/& net.ifnames=0 biosdevname=0 loglevel=3/' /etc/default/grub | |
grub2-mkconfig -o /boot/grub2/grub.cfg | |
ip addr | grep -i broadcast | awk '{ print $2 }' > /tmp/interface | |
sed -i 's/:/\ /g' /tmp/interface | |
interface=`cat /tmp/interface` | |
sed -i 's/^NAME="[^"]*"$/NAME="eth0"/' /etc/sysconfig/network-scripts/ifcfg-$interface | |
sed -i 's/^DEVICE="[^"]*"$/DEVICE="eth0"/' /etc/sysconfig/network-scripts/ifcfg-$interface | |
mv /etc/sysconfig/network-scripts/ifcfg-$interface /etc/sysconfig/network-scripts/ifcfg-eth0 | |
systemctl disable NetworkManager | |
# Enable provision user | |
useradd -m -G wheel -u 1100 provision -p aeZdifquIPmJM | |
mkdir /home/provision/.ssh | |
chmod 0700 /home/provision/.ssh | |
echo -e 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsdDe/HsAKj/zpqqfrZgX1v27yFwuEFL0yrAW7TUYpAYmDDON6PjOvCwL6Eyn6IJP+rJ0EM2+VUtRMbbpmGZsBWA2QlDRQeBKfGzGe81QEsQjcVPd3Ci/HEapncwz/nyU+kahMGJm0+WZA50gIgWk/vzGChYuyQuDr29k3294DOoe9Zytwly1Sy3mq8gf25s29eiuXTPn1sxYXDnPjtE6CbbpXZP8dnhCFX9lAQhkOpDjmQih53DK+u3897edBbHQ4aNshVvq8nUKYlVjXB8+NUzz359c1f+tkzy5jyKR7OgCnto0q8JwsVD88oOak60dBqi5DgErayUO0CD4oR0B/cX4/K2Xb+S4jgHckAJi9V6TTUTjFJRWxGeVll6FzoTs9yry8qim6GcfbIbkttANBauv7aUPpptT0IJvMaZMJb4LrpVH2oayY6LkG0jcoULJkWnFZGCZDyJVzSv3rcE8DBW8uff9IvUgVKUxWwXHwtytkJQxSC25ihpd5iKerczq+PNYRg8HULuWBg/zs8HgNoCjmfHVpcusJX3p7u/owilBLplpvYBq+WZgH7nGyWnbZaU/qZvWZtUnPPCkM0JI7rhIxmKjw8Wgczt1YSA7OiELyban4gZMGZ+BORdVFC14ucOTSumlsz7OjMvAwREZP96T4X5bj95ROnhFLvG4RYQ== mstanca@work' >> /home/provision/.ssh/authorized_keys | |
chown -R provision:provision /home/provision/.ssh | |
chmod 0644 /home/provision/.ssh/authorized_keys | |
# Disable use of DNS for incoming connections via ssh | |
sed 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config | |
yum install bc net-tools wget curl epel-release perl bzip2 bind-utils open-vm-tools tcpdump yum-utils telnet -y | |
yum update -y | |
yum clean all | |
systemctl enable NetworkManager | |
%end | |
# Enforce password policies | |
%anaconda | |
pwpolicy root --minlen=10 --minquality=1 --notstrict --nochanges --notempty | |
pwpolicy user --minlen=10 --minquality=1 --notstrict --nochanges --notempty | |
pwpolicy luks --minlen=10 --minquality=1 --notstrict --nochanges --notempty | |
%end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment