Created
November 19, 2019 12:26
-
-
Save jasonwbarnett/7011cb6e79bda377449df1268a2f24c2 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # el7-options.cfg | |
| # Commands and Options. | |
| ############################################################################### | |
| # Required options: | |
| # See the kickstart section of the install docs for this distro for more details | |
| # authconfig | |
| # bootloader | |
| # keyboard | |
| # lang | |
| # part or partition | |
| # rootpw | |
| # timezone | |
| lang en_US | |
| authconfig --useshadow --passalgo=sha512 --kickstart | |
| # The bootloader must be set to sdb since sda is the installer. | |
| bootloader --boot-drive=sdb | |
| keyboard us | |
| # Tells kickstart how to partition the install target and sets fstab entries. | |
| clearpart --drives=sdb --all --initlabel | |
| zerombr | |
| part /boot/efi --size=200 --fstype=efi --ondrive=sdb | |
| part / --asprimary --size=100 --grow --ondrive=sdb --fsoptions="defaults" --label=root --fstype=xfs | |
| rootpw --iscrypted --lock * | |
| timezone --utc UTC | |
| # Tells kickstart to delete existing partitions on the install target. | |
| firewall --enabled | |
| firstboot --disabled | |
| # Sets the installer. | |
| install | |
| harddrive --partition=sda2 --dir=/ | |
| network --bootproto=dhcp --noipv6 --hostname=localhost --device=eth0 | |
| poweroff | |
| services --enabled sshd,ntpd | |
| skipx | |
| sshpw --username=root --iscrypted --lock * | |
| text | |
| # Enterprise linux will not initiate an automated install without a user. We | |
| # will delete this user later in the script. | |
| user --name=gce --lock | |
| # packages.cfg | |
| # Contains a list of packages to be installed, or not, on all flavors. | |
| # The %package command begins the package selection section of kickstart. | |
| # Packages can be specified by group, or package name. @Base and @Core are | |
| # always selected by default so they do not need to be specified. | |
| %packages | |
| acpid | |
| kpartx | |
| gdisk | |
| net-tools | |
| ntp | |
| openssh-server | |
| parted | |
| rsync | |
| vim | |
| # Make sure that subscription-manager and rhn packages are not installed as | |
| # they conflict with GCE packages. | |
| -subscription-manager | |
| -*rhn* | |
| -alsa-utils | |
| -b43-fwcutter | |
| -dmraid | |
| -eject | |
| -gpm | |
| -kexec-tools | |
| -irqbalance | |
| -microcode_ctl | |
| -smartmontools | |
| -aic94xx-firmware | |
| -atmel-firmware | |
| -b43-openfwwf | |
| -bfa-firmware | |
| -ipw2100-firmware | |
| -ipw2200-firmware | |
| -ivtv-firmware | |
| -iwl100-firmware | |
| -iwl1000-firmware | |
| -iwl3945-firmware | |
| -iwl4965-firmware | |
| -iwl5000-firmware | |
| -iwl5150-firmware | |
| -iwl6000-firmware | |
| -iwl6000g2a-firmware | |
| -iwl6050-firmware | |
| -kernel-firmware | |
| -libertas-usb8388-firmware | |
| -ql2100-firmware | |
| -ql2200-firmware | |
| -ql23xx-firmware | |
| -ql2400-firmware | |
| -ql2500-firmware | |
| -rt61pci-firmware | |
| -rt73usb-firmware | |
| -xorg-x11-drv-ati-firmware | |
| -zd1211-firmware | |
| %end | |
| %post | |
| tee -a /etc/yum.repos.d/google-cloud.repo << EOM | |
| [google-compute-engine] | |
| name=Google Compute Engine | |
| baseurl=https://packages.cloud.google.com/yum/repos/google-compute-engine-el7-x86_64-stable | |
| enabled=1 | |
| gpgcheck=1 | |
| repo_gpgcheck=1 | |
| gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg | |
| https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg | |
| EOM | |
| tee -a /etc/yum.repos.d/google-cloud.repo << EOM | |
| [google-cloud-sdk] | |
| name=Google Cloud SDK | |
| baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64 | |
| enabled=1 | |
| gpgcheck=1 | |
| repo_gpgcheck=1 | |
| gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg | |
| https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg | |
| EOM | |
| %end | |
| # Red Hat Enterprise Linux 7 RHUI setup. | |
| %post --log=/dev/ttyS0 | |
| set -x | |
| # Install google RHUI client software. | |
| yum -y install google-rhui-client-rhel7 | |
| # Import Red Hat's signing keys if present. | |
| rhkey=/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
| [ -f "${rhkey}" ] && rpm --import "${rhkey}" | |
| %end | |
| # Google Compute Engine kickstart config for Enterprise Linux 7. | |
| %post --log=/dev/ttyS0 | |
| set -x | |
| # Install EPEL. | |
| yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm | |
| # Delete the dummy user account. | |
| userdel -r gce | |
| # Configure the network for GCE. | |
| # Given that GCE users typically control the firewall at the network API level, | |
| # we want to leave the standard Linux firewall setup enabled but all-open. | |
| firewall-offline-cmd --set-default-zone=trusted | |
| cat >>/etc/dhclient.conf <<EOL | |
| # Set the dhclient retry interval to 10 seconds instead of 5 minutes. | |
| retry 10; | |
| EOL | |
| # Set the network settings for eth0. | |
| # Set the MTU. | |
| # Set dhclient to be persistent instead of oneshot. | |
| # Enable IPv6. | |
| cat >>/etc/sysconfig/network-scripts/ifcfg-eth0 <<EOL | |
| MTU=1460 | |
| PERSISTENT_DHCLIENT="y" | |
| IPV6INIT=yes | |
| EOL | |
| # Disable IPv6 for Yum. | |
| echo "ip_resolve=4" >> /etc/yum.conf | |
| # Add GPG keys for GCE repos. | |
| curl -o /etc/pki/rpm-gpg/google-rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg | |
| curl -o /etc/pki/rpm-gpg/google-key.gpg https://packages.cloud.google.com/yum/doc/yum-key.gpg | |
| rpmkeys --import /etc/pki/rpm-gpg/google-rpm-package-key.gpg | |
| rpmkeys --import /etc/pki/rpm-gpg/google-key.gpg | |
| # Install GCE guest packages and CloudSDK. | |
| yum install -y google-compute-engine gce-disk-expand google-cloud-sdk | |
| yum install -y google-osconfig-agent | |
| # Send /root/anaconda-ks.cfg to our logs. | |
| cp /run/install/ks.cfg /tmp/anaconda-ks.cfg | |
| # Remove files which shouldn't make it into the image. | |
| rm -f /etc/boto.cfg /etc/udev/rules.d/70-persistent-net.rules | |
| # Ensure no attempt will be made to persist network MAC addresses. | |
| ln -s /dev/null /etc/udev/rules.d/75-persistent-net-generator.rules | |
| sed -i '/^\(HWADDR\)=/d' /etc/sysconfig/network-scripts/ifcfg-* | |
| # Disable password authentication by default. | |
| sed -i -e '/^PasswordAuthentication /s/ yes$/ no/' /etc/ssh/sshd_config | |
| # Set ServerAliveInterval and ClientAliveInterval to prevent SSH | |
| # disconnections. The pattern match is tuned to each source config file. | |
| # The $'...' quoting syntax tells the shell to expand escape characters. | |
| sed -i -e $'/^\tServerAliveInterval/d' /etc/ssh/ssh_config | |
| sed -i -e $'/^Host \\*$/a \\\tServerAliveInterval 420' /etc/ssh/ssh_config | |
| sed -i -e '/ClientAliveInterval/s/^.*/ClientAliveInterval 420/' /etc/ssh/sshd_config | |
| # Disable root login via SSH by default. | |
| sed -i -e '/PermitRootLogin yes/s/^.*/PermitRootLogin no/' /etc/ssh/sshd_config | |
| # Configure NTPD to use our servers. | |
| sed -i -e '/pool.ntp.org/d' /etc/ntp.conf | |
| cat >>/etc/ntp.conf <<EOD | |
| # Use the Google Compute Engine ntp server. | |
| # iburst speeds up the initial sync. | |
| server metadata.google.internal iburst | |
| EOD | |
| # Install yum-cron and configure yum-cron.conf to install updates once a day. | |
| # We have to update our images before we install yum-cron otherwise our changes | |
| # will get clobbered when yum updates. | |
| yum -y update | |
| # Install yum-cron | |
| yum -y install yum-cron | |
| # Make changes to yum-cron.conf on el7/centos7 | |
| grep apply_updates /etc/yum/yum-cron.conf | |
| cp /etc/yum/yum-cron.conf /tmp/yum-cron.conf | |
| # Apply updates | |
| sed -i 's/update_cmd =.*/update_cmd = default/' /tmp/yum-cron.conf | |
| sed -i 's/apply_updates =.*/apply_updates = yes/' /tmp/yum-cron.conf | |
| cat /tmp/yum-cron.conf > /etc/yum/yum-cron.conf | |
| grep apply_updates /etc/yum/yum-cron.conf | |
| # This enables the service on both el6 and el7 based VMs. | |
| chkconfig yum-cron on | |
| # Cleanup this repo- we don't want to continue updating with it. | |
| rm -Rf /etc/yum.repos.d/google-cloud-unstable.repo \ | |
| /etc/yum.repos.d/google-cloud-staging.repo | |
| # Clean up the cache for smaller images. | |
| yum clean all | |
| # Blacklist the floppy module. | |
| echo "blacklist floppy" > /etc/modprobe.d/blacklist-floppy.conf | |
| restorecon /etc/modprobe.d/blacklist-floppy.conf | |
| # Set the default timeout to 0 and update grub2. | |
| sed -i"" 's:GRUB_TIMEOUT=.*:GRUB_TIMEOUT=0:' /etc/default/grub | |
| sed -i"" '/GRUB_CMDLINE_LINUX/s:"$: elevator=noop":' | |
| restorecon /etc/default/grub | |
| grub2-mkconfig -o /boot/grub2/grub.cfg | |
| echo "Running dracut." | |
| dracut -f | |
| # Fix selinux contexts on /etc/resolv.conf. | |
| restorecon /etc/resolv.conf | |
| %end | |
| # GSetup config | |
| %post --log=/dev/ttyS0 --nochroot | |
| mkdir -p /mnt/sysimage/boot/efi/EFI/Google/gsetup | |
| echo "\EFI\redhat\shimx64.efi" > /mnt/sysimage/boot/efi/EFI/Google/gsetup/boot | |
| cp -r /run/install/isodir/sb_keys/* /mnt/sysimage/boot/efi/EFI/Google/gsetup/ | |
| %end | |
| # Copy synposis, logs, and cleanup. | |
| %post --nochroot --log=/dev/ttyS0 | |
| set -x | |
| log_dir=/run/install/isodir/build-logs | |
| mkdir -p ${log_dir} | |
| cp -R /mnt/sysimage/tmp/* ${log_dir} | |
| cp -R /mnt/sysimage/root/* ${log_dir} | |
| rm -Rf /mnt/sysimage/tmp/* | |
| rm -Rf /mnt/sysimage/root/* | |
| %end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # el7-options.cfg | |
| # Commands and Options. | |
| ############################################################################### | |
| # Required options: | |
| # See the kickstart section of the install docs for this distro for more details | |
| # authconfig | |
| # bootloader | |
| # keyboard | |
| # lang | |
| # part or partition | |
| # rootpw | |
| # timezone | |
| lang en_US | |
| authconfig --useshadow --passalgo=sha512 --kickstart | |
| # The bootloader must be set to sdb since sda is the installer. | |
| bootloader --location=mbr --driveorder=sdb --boot-drive=sdb --boot-drive=sdb | |
| keyboard us | |
| # Tells kickstart how to partition the install target and sets fstab entries. | |
| part / --asprimary --size=100 --grow --ondrive=sdb --fsoptions="defaults" --label=/ --fstype=xfs | |
| rootpw --iscrypted --lock * | |
| timezone --utc UTC | |
| # Tells kickstart to delete existing partitions on the install target. | |
| clearpart --drives=sdb --all --initlabel | |
| firewall --enabled | |
| firstboot --disabled | |
| # Sets the installer. | |
| harddrive --partition=sda1 --dir=/ | |
| install | |
| network --bootproto=dhcp --noipv6 --hostname=localhost --device=eth0 | |
| poweroff | |
| services --enabled sshd,ntpd | |
| skipx | |
| sshpw --username=root --iscrypted --lock * | |
| text | |
| # Enterprise linux will not initiate an automated install without a user. We | |
| # will delete this user later in the script. | |
| user --name=gce --lock | |
| zerombr | |
| # packages.cfg | |
| # Contains a list of packages to be installed, or not, on all flavors. | |
| # The %package command begins the package selection section of kickstart. | |
| # Packages can be specified by group, or package name. @Base and @Core are | |
| # always selected by default so they do not need to be specified. | |
| %packages | |
| acpid | |
| kpartx | |
| gdisk | |
| net-tools | |
| ntp | |
| openssh-server | |
| parted | |
| rsync | |
| vim | |
| # Make sure that subscription-manager and rhn packages are not installed as | |
| # they conflict with GCE packages. | |
| -subscription-manager | |
| -*rhn* | |
| -alsa-utils | |
| -b43-fwcutter | |
| -dmraid | |
| -eject | |
| -gpm | |
| -kexec-tools | |
| -irqbalance | |
| -microcode_ctl | |
| -smartmontools | |
| -aic94xx-firmware | |
| -atmel-firmware | |
| -b43-openfwwf | |
| -bfa-firmware | |
| -ipw2100-firmware | |
| -ipw2200-firmware | |
| -ivtv-firmware | |
| -iwl100-firmware | |
| -iwl1000-firmware | |
| -iwl3945-firmware | |
| -iwl4965-firmware | |
| -iwl5000-firmware | |
| -iwl5150-firmware | |
| -iwl6000-firmware | |
| -iwl6000g2a-firmware | |
| -iwl6050-firmware | |
| -kernel-firmware | |
| -libertas-usb8388-firmware | |
| -ql2100-firmware | |
| -ql2200-firmware | |
| -ql23xx-firmware | |
| -ql2400-firmware | |
| -ql2500-firmware | |
| -rt61pci-firmware | |
| -rt73usb-firmware | |
| -xorg-x11-drv-ati-firmware | |
| -zd1211-firmware | |
| %end | |
| %post | |
| tee -a /etc/yum.repos.d/google-cloud.repo << EOM | |
| [google-compute-engine] | |
| name=Google Compute Engine | |
| baseurl=https://packages.cloud.google.com/yum/repos/google-compute-engine-el7-x86_64-stable | |
| enabled=1 | |
| gpgcheck=1 | |
| repo_gpgcheck=1 | |
| gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg | |
| https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg | |
| EOM | |
| tee -a /etc/yum.repos.d/google-cloud.repo << EOM | |
| [google-cloud-sdk] | |
| name=Google Cloud SDK | |
| baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64 | |
| enabled=1 | |
| gpgcheck=1 | |
| repo_gpgcheck=1 | |
| gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg | |
| https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg | |
| EOM | |
| %end | |
| # Red Hat Enterprise Linux 7 RHUI setup. | |
| %post --log=/dev/ttyS0 | |
| set -x | |
| # Install google RHUI client software. | |
| yum -y install google-rhui-client-rhel7 | |
| # Import Red Hat's signing keys if present. | |
| rhkey=/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |
| [ -f "${rhkey}" ] && rpm --import "${rhkey}" | |
| %end | |
| # Google Compute Engine kickstart config for Enterprise Linux 7. | |
| %post --log=/dev/ttyS0 | |
| set -x | |
| # Install EPEL. | |
| yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm | |
| # Delete the dummy user account. | |
| userdel -r gce | |
| # Configure the network for GCE. | |
| # Given that GCE users typically control the firewall at the network API level, | |
| # we want to leave the standard Linux firewall setup enabled but all-open. | |
| firewall-offline-cmd --set-default-zone=trusted | |
| cat >>/etc/dhclient.conf <<EOL | |
| # Set the dhclient retry interval to 10 seconds instead of 5 minutes. | |
| retry 10; | |
| EOL | |
| # Set the network settings for eth0. | |
| # Set the MTU. | |
| # Set dhclient to be persistent instead of oneshot. | |
| # Enable IPv6. | |
| cat >>/etc/sysconfig/network-scripts/ifcfg-eth0 <<EOL | |
| MTU=1460 | |
| PERSISTENT_DHCLIENT="y" | |
| IPV6INIT=yes | |
| EOL | |
| # Disable IPv6 for Yum. | |
| echo "ip_resolve=4" >> /etc/yum.conf | |
| # Add GPG keys for GCE repos. | |
| curl -o /etc/pki/rpm-gpg/google-rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg | |
| curl -o /etc/pki/rpm-gpg/google-key.gpg https://packages.cloud.google.com/yum/doc/yum-key.gpg | |
| rpmkeys --import /etc/pki/rpm-gpg/google-rpm-package-key.gpg | |
| rpmkeys --import /etc/pki/rpm-gpg/google-key.gpg | |
| # Install GCE guest packages and CloudSDK. | |
| yum install -y google-compute-engine gce-disk-expand google-cloud-sdk | |
| yum install -y google-osconfig-agent | |
| # Send /root/anaconda-ks.cfg to our logs. | |
| cp /run/install/ks.cfg /tmp/anaconda-ks.cfg | |
| # Remove files which shouldn't make it into the image. | |
| rm -f /etc/boto.cfg /etc/udev/rules.d/70-persistent-net.rules | |
| # Ensure no attempt will be made to persist network MAC addresses. | |
| ln -s /dev/null /etc/udev/rules.d/75-persistent-net-generator.rules | |
| sed -i '/^\(HWADDR\)=/d' /etc/sysconfig/network-scripts/ifcfg-* | |
| # Disable password authentication by default. | |
| sed -i -e '/^PasswordAuthentication /s/ yes$/ no/' /etc/ssh/sshd_config | |
| # Set ServerAliveInterval and ClientAliveInterval to prevent SSH | |
| # disconnections. The pattern match is tuned to each source config file. | |
| # The $'...' quoting syntax tells the shell to expand escape characters. | |
| sed -i -e $'/^\tServerAliveInterval/d' /etc/ssh/ssh_config | |
| sed -i -e $'/^Host \\*$/a \\\tServerAliveInterval 420' /etc/ssh/ssh_config | |
| sed -i -e '/ClientAliveInterval/s/^.*/ClientAliveInterval 420/' /etc/ssh/sshd_config | |
| # Disable root login via SSH by default. | |
| sed -i -e '/PermitRootLogin yes/s/^.*/PermitRootLogin no/' /etc/ssh/sshd_config | |
| # Configure NTPD to use our servers. | |
| sed -i -e '/pool.ntp.org/d' /etc/ntp.conf | |
| cat >>/etc/ntp.conf <<EOD | |
| # Use the Google Compute Engine ntp server. | |
| # iburst speeds up the initial sync. | |
| server metadata.google.internal iburst | |
| EOD | |
| # Install yum-cron and configure yum-cron.conf to install updates once a day. | |
| # We have to update our images before we install yum-cron otherwise our changes | |
| # will get clobbered when yum updates. | |
| yum -y update | |
| # Install yum-cron | |
| yum -y install yum-cron | |
| # Make changes to yum-cron.conf on el7/centos7 | |
| grep apply_updates /etc/yum/yum-cron.conf | |
| cp /etc/yum/yum-cron.conf /tmp/yum-cron.conf | |
| # Apply updates | |
| sed -i 's/update_cmd =.*/update_cmd = default/' /tmp/yum-cron.conf | |
| sed -i 's/apply_updates =.*/apply_updates = yes/' /tmp/yum-cron.conf | |
| cat /tmp/yum-cron.conf > /etc/yum/yum-cron.conf | |
| grep apply_updates /etc/yum/yum-cron.conf | |
| # This enables the service on both el6 and el7 based VMs. | |
| chkconfig yum-cron on | |
| # Cleanup this repo- we don't want to continue updating with it. | |
| rm -Rf /etc/yum.repos.d/google-cloud-unstable.repo \ | |
| /etc/yum.repos.d/google-cloud-staging.repo | |
| # Clean up the cache for smaller images. | |
| yum clean all | |
| # Blacklist the floppy module. | |
| echo "blacklist floppy" > /etc/modprobe.d/blacklist-floppy.conf | |
| restorecon /etc/modprobe.d/blacklist-floppy.conf | |
| # Set the default timeout to 0 and update grub2. | |
| sed -i"" 's:GRUB_TIMEOUT=.*:GRUB_TIMEOUT=0:' /etc/default/grub | |
| sed -i"" '/GRUB_CMDLINE_LINUX/s:"$: elevator=noop":' | |
| restorecon /etc/default/grub | |
| grub2-mkconfig -o /boot/grub2/grub.cfg | |
| echo "Running dracut." | |
| dracut -f | |
| # Fix selinux contexts on /etc/resolv.conf. | |
| restorecon /etc/resolv.conf | |
| %end | |
| # Copy synposis, logs, and cleanup. | |
| %post --nochroot --log=/dev/ttyS0 | |
| set -x | |
| log_dir=/run/install/isodir/build-logs | |
| mkdir -p ${log_dir} | |
| cp -R /mnt/sysimage/tmp/* ${log_dir} | |
| cp -R /mnt/sysimage/root/* ${log_dir} | |
| rm -Rf /mnt/sysimage/tmp/* | |
| rm -Rf /mnt/sysimage/root/* | |
| %end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment