diff --git a/README.md b/README.md
index c90f03f..2002a7d 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,7 @@
-## trying to add another Kickstart file
+
+# Reference
+https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-kickstart-syntax
+
+
+# Usage
+```$ ./buildvm ```
diff --git a/common/almalinux83b/media_netboot.cfg b/common/almalinux83b/media_netboot.cfg
new file mode 100644
index 0000000..387e09f
--- /dev/null
+++ b/common/almalinux83b/media_netboot.cfg
@@ -0,0 +1,2 @@
+### INSTALL MEDIA
+url --url='https://repo.almalinux.org/almalinux/8.3-beta/BaseOS/x86_64/kickstart/'
diff --git a/common/almalinux83b/repo.cfg b/common/almalinux83b/repo.cfg
new file mode 100644
index 0000000..4dc6532
--- /dev/null
+++ b/common/almalinux83b/repo.cfg
@@ -0,0 +1,4 @@
+### YUM REPOS (used during kickstart only)
+repo --name="almalinux83b-ks" --baseurl=https://repo.almalinux.org/almalinux/8.3-beta/BaseOS/x86_64/kickstart/ --cost=100
+repo --name="almalinux83b-os" --baseurl=https://repo.almalinux.org/almalinux/8.3-beta/BaseOS/x86_64/os/ --cost=100
+
diff --git a/common/almalinux83b/services.cfg b/common/almalinux83b/services.cfg
new file mode 100644
index 0000000..06b4130
--- /dev/null
+++ b/common/almalinux83b/services.cfg
@@ -0,0 +1,2 @@
+### SYSTEM SERVICES
+services --enabled='sshd,chronyd'
diff --git a/common/authentication.cfg b/common/authentication.cfg
new file mode 100644
index 0000000..82e1876
--- /dev/null
+++ b/common/authentication.cfg
@@ -0,0 +1,2 @@
+### AUTHENTICATION
+auth --useshadow --disablemd5 --passalgo=sha512
diff --git a/common/authentication_rootpw.cfg b/common/authentication_rootpw.cfg
new file mode 100644
index 0000000..8a3d736
--- /dev/null
+++ b/common/authentication_rootpw.cfg
@@ -0,0 +1,2 @@
+### ROOT PASSWORD
+rootpw --iscrypted '$6$jMXzWlUc$76rMf8rNh4Ls/O2EfNDhMwBPU7EeDPWAfexDVnOGMCwqVwtvkF1RN104AafHoBo27qfew9cVYY2jVpC8muToA.'
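Review bot: The `rootpw --iscrypted` line in common/authentication_rootpw.cfg commits a root password hash to the repository, and both tupper/kickstart.cfg and xavier/kickstart.cfg pull this file through a `%include` URL that carries no credential, so the hash is probably readable by anyone who can reach the Git server. Every host built from these kickstarts also ends up with the same root password, and a leaked crypt hash can be attacked offline. Consider `rootpw --lock` together with an `sshkey --username=root` entry, or inject a per-host hash at install time instead of storing one in Git. The password behind the committed hash should be treated as exposed and changed.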
diff --git a/common/bootloader.cfg b/common/bootloader.cfg
new file mode 100644
index 0000000..86ab052
--- /dev/null
+++ b/common/bootloader.cfg
@@ -0,0 +1,3 @@
+### BOOTLOADER
+zerombr
+bootloader --location=mbr --boot-drive=sda
diff --git a/common/centos7/media_netboot.cfg b/common/centos7/media_netboot.cfg
new file mode 100644
index 0000000..e55da9f
--- /dev/null
+++ b/common/centos7/media_netboot.cfg
@@ -0,0 +1,2 @@
+### INSTALL MEDIA
+url --url='http://mirror.aarnet.edu.au/pub/centos/7/os/x86_64/'
diff --git a/common/centos7/post.cfg b/common/centos7/post.cfg
new file mode 100644
index 0000000..fc901e4
--- /dev/null
+++ b/common/centos7/post.cfg
@@ -0,0 +1,20 @@
+### REPOSITORIES
+# kickstart repo command with --install doesn't pull down GPG Keys
+# installing the official rpm for each project will handle that
+echo "Configuring additional system repositories"
+
+echo "EPEL"
+rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+
+echo "Puppet Labs"
+rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-7.noarch.rpm
+
+### UPGRADE
+echo "Forcing and upgrade of the system"
+yum -y upgrade
+
+### PACKAGES
+# PUPPET and resolved dependancies
+echo "Installing Puppet"
+yum -y install puppet-agent
+
diff --git a/common/centos7/repo.cfg b/common/centos7/repo.cfg
new file mode 100644
index 0000000..851202e
--- /dev/null
+++ b/common/centos7/repo.cfg
@@ -0,0 +1,2 @@
+### YUM REPOS (used during kickstart only)
+repo --name="centos" --baseurl=http://mirror.aarnet.edu.au/pub/centos/7/os/x86_64 --cost=100
diff --git a/common/centos7/services.cfg b/common/centos7/services.cfg
new file mode 100644
index 0000000..3021ba6
--- /dev/null
+++ b/common/centos7/services.cfg
@@ -0,0 +1,2 @@
+### SYSTEM SERVICES
+services --enabled='network'
diff --git a/common/centos8/media_netboot.cfg b/common/centos8/media_netboot.cfg
new file mode 100644
index 0000000..2724099
--- /dev/null
+++ b/common/centos8/media_netboot.cfg
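Review bot: The install tree in common/centos7/media_netboot.cfg is fetched over plain `http://`, so the installer image and repository metadata arrive with no transport integrity and could be altered on the network path before anything on the target can check them. The same mirror is addressed with `https://` in common/centos8/media_netboot.cfg, so the change here is `url --url='https://mirror.aarnet.edu.au/pub/centos/7/os/x86_64/'`. The `--baseurl=http://…` values in common/centos7/repo.cfg and common/centos8/repo.cfg have the same problem and should move to `https://` as well.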
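Review bot: The two `rpm -Uvh https://…` lines in common/centos7/post.cfg install release packages whose signing keys are not yet in the RPM keyring, so rpm only warns about the unknown key and installs them anyway; authenticity rests on TLS alone, and `epel-release-latest-7` is an unpinned moving target. These packages deliver the repo definitions and GPG keys that every later `yum` transaction trusts, so import the project keys first from a source you control (`rpm --import <path-to-vetted-key>`, placeholder path) and check each download with `rpm -K` before installing it. The header comment would be more accurate as `# the release RPMs install the repo files and GPG keys; verify the RPMs themselves first`. common/centos8/post.cfg repeats the same pattern.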
@@ -0,0 +1,2 @@
+### INSTALL MEDIA
+url --url='https://mirror.aarnet.edu.au/pub/centos/8/BaseOS/x86_64/os/'
diff --git a/common/centos8/post.cfg b/common/centos8/post.cfg
new file mode 100644
index 0000000..0f683c2
--- /dev/null
+++ b/common/centos8/post.cfg
@@ -0,0 +1,20 @@
+### REPOSITORIES
+# kickstart repo command with --install doesn't pull down GPG Keys
+# installing the official rpm for each project will handle that
+echo "Configuring additional system repositories"
+
+echo "EPEL"
+rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
+
+echo "Puppet Labs"
+rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-8.noarch.rpm
+
+### UPGRADE
+echo "Forcing and upgrade of the system"
+dnf -y upgrade
+
+### PACKAGES
+# PUPPET and resolved dependancies
+echo "Installing Puppet"
+dnf -y install puppet-agent
+
diff --git a/common/centos8/repo.cfg b/common/centos8/repo.cfg
new file mode 100644
index 0000000..de3e8cc
--- /dev/null
+++ b/common/centos8/repo.cfg
@@ -0,0 +1,3 @@
+### YUM REPOS (used during kickstart only)
+repo --name="centos" --baseurl=http://mirror.aarnet.edu.au/pub/centos/8/BaseOS/x86_64/os/ --cost=100
+
diff --git a/common/centos8/services.cfg b/common/centos8/services.cfg
new file mode 100644
index 0000000..c7e9070
--- /dev/null
+++ b/common/centos8/services.cfg
@@ -0,0 +1,2 @@
+### SYSTEM SERVICES
+services --enabled='NetworkManager'
diff --git a/common/cron.cfg b/common/cron.cfg
new file mode 100644
index 0000000..a6c8cbf
--- /dev/null
+++ b/common/cron.cfg
@@ -0,0 +1,2 @@
+mkdir -p /var/spool/cron
+echo "@reboot /opt/puppetlabs/bin/puppet apply /var/lib/puppet/manifests/puppet-common/00_puppet.pp &> /tmp/puppet-apply-reboot-priority.log && /opt/puppetlabs/bin/puppet apply /var/lib/puppet/manifests &> /tmp/puppet-apply-reboot.log " > /var/spool/cron/root
diff --git a/common/disk_layout.cfg b/common/disk_layout.cfg
new file mode 100644
index 0000000..6c3511e
--- /dev/null
+++ b/common/disk_layout.cfg
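Review bot: The root `@reboot` job in common/cron.cfg redirects both puppet runs to fixed file names under `/tmp`, a world-writable directory where a root-owned writer should not be using predictable paths, and where the logs are also subject to tmp cleanup. Point the redirections at a root-only location instead, e.g. `&> /var/log/puppet-apply-reboot-priority.log` and `&> /var/log/puppet-apply-reboot.log`. The `> /var/spool/cron/root` redirection replaces any existing root crontab, and the `&&` skips the second `puppet apply` whenever the first exits non-zero; if both are intended, a one-line comment saying so would help.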
@@ -0,0 +1,9 @@
+### PARTITIONING
+# SETUP
+ignoredisk --only-use=sda
+clearpart --all --initlabel
+
+# PARTITIONS
+part /boot --size=1024 --fstype=xfs
+part pv.01 --size=1 --ondisk=sda --grow
+
diff --git a/common/disk_layout_lvm.cfg b/common/disk_layout_lvm.cfg
new file mode 100644
index 0000000..d75b088
--- /dev/null
+++ b/common/disk_layout_lvm.cfg
@@ -0,0 +1,10 @@
+### PARTITIONING
+# LVM
+volgroup cl pv.01
+logvol / --vgname=cl --fstype xfs --size=4096 --name=root --fsoptions="defaults"
+logvol /home --vgname=cl --fstype xfs --size=512 --name=home --fsoptions="defaults,nosuid,nodev"
+logvol /tmp --vgname=cl --fstype xfs --size=512 --name=tmp --fsoptions="defaults,nosuid,nodev,noexec"
+logvol /swap --vgname=cl --fstype swap --size=512 --name=swap --fsoptions="defaults"
+logvol /var --vgname=cl --fstype xfs --size=512 --name=var --fsoptions="defaults,nosuid"
+logvol /var/log --vgname=cl --fstype xfs --size=512 --name=var-log --fsoptions="defaults,nosuid"
+logvol /var/tmp --vgname=cl --fstype xfs --size=512 --name=var-tmp --fsoptions="defaults,nosuid,nodev,noexec"
diff --git a/common/firewall.cfg b/common/firewall.cfg
new file mode 100644
index 0000000..4b33fb1
--- /dev/null
+++ b/common/firewall.cfg
@@ -0,0 +1,2 @@
+### FIREWALL
+firewall --enabled --ssh
diff --git a/common/groups.cfg b/common/groups.cfg
new file mode 100644
index 0000000..da6b037
--- /dev/null
+++ b/common/groups.cfg
@@ -0,0 +1,4 @@
+### GROUPS
+group --name="staff" --gid=6000
+group --name="admin" --gid=6001
+group --name="sslcerts" --gid=6002
diff --git a/common/locale.cfg b/common/locale.cfg
new file mode 100644
index 0000000..1c1b738
--- /dev/null
+++ b/common/locale.cfg
@@ -0,0 +1,4 @@
+### KEYBOARD // LOCALE
+keyboard --vckeymap=us --xlayouts='us','us'
+lang 'en_US.UTF-8'
+timezone --utc 'Australia/Melbourne'
diff --git a/common/logging.cfg b/common/logging.cfg
new file mode 100644
index 0000000..6efc761
--- /dev/null
+++ b/common/logging.cfg
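Review bot: In common/disk_layout_lvm.cfg, `logvol /swap --vgname=cl --fstype swap …` gives swap a path as its mount point, whereas the kickstart form for swap space uses the literal mount point `swap`, i.e. `logvol swap --vgname=cl --fstype swap --size=512 --name=swap`; as written it may be rejected or produce an unusable entry, so it is worth testing. On the hardening side, `/var` and `/var/log` get only `nosuid` while `/home` also gets `nodev`; adding `nodev` (and `noexec` on `/var/log`) would make the mount options consistent. tupper/disk_layout_lvm.cfg carries the same lines.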
@@ -0,0 +1,2 @@
+### INSTALL LOGGING
+logging --level=info
diff --git a/common/networking.cfg b/common/networking.cfg
new file mode 100644
index 0000000..7855493
--- /dev/null
+++ b/common/networking.cfg
@@ -0,0 +1,2 @@
+### NETWORKING
+network --device eth0 --bootproto dhcp
diff --git a/common/packages.cfg b/common/packages.cfg
new file mode 100644
index 0000000..d94ab39
--- /dev/null
+++ b/common/packages.cfg
@@ -0,0 +1,10 @@
+@core
+chrony
+dracut-config-generic
+dracut-norescue
+firewalld
+grub2
+kernel
+rsync
+tar
+-plymouth
diff --git a/common/post.cfg b/common/post.cfg
new file mode 100644
index 0000000..e03067b
--- /dev/null
+++ b/common/post.cfg
@@ -0,0 +1,44 @@
+### UMASK
+# strengthen the default umask
+# we do this post deploy so all users inherit the setting after modifying
+# /etc/bashrc
+#
+# resulting permissions is 550 max
+#
+sed -i 's/umask\s022/umask 077/' /etc/bashrc
+sed -i 's/umask\s022/umask 077/' /etc/profile
+sed -i 's/umask\s022/umask 077/' /etc/csh.cshrc
+
+### SSH KEY
+# DEPLOY_S
+ssh-keygen -q -b 4096 -t rsa -f /root/.ssh/id_rsa_deploy -N ""
+# ROOT
+ssh-keygen -q -b 4096 -t rsa -f /root/.ssh/id_rsa -N ""
+
+### REGISTER GIT HOST KEY AS KNOWN HOST
+ssh -o 'StrictHostKeyChecking no' config.tombstones.org.uk -p 22122 2>/dev/null | echo > /dev/null
+
+### DEPLOY SSH CONFIG
+cat << EODEP > /root/.ssh/config
+Host deploy
+ Hostname config.tombstones.org.uk
+ Port 22122
+ StrictHostKeyChecking no
+ IdentityFile /root/.ssh/id_rsa_deploy
+EODEP
+
+### PACKAGES
+yum -y install git
+
+### REGISTER DEPLOY WITH DEPLOY_S
+curl -X POST "https://config.tombstones.org.uk:23000/api/v1/user/keys" \
+-H "accept: application/json" \
+-H "Content-Type: application/json" \
+-H "Authorization: token d5504c29d01678260841c3606eacbf47d6222a59" \
+-d "{ \"key\": \"$(cat /root/.ssh/id_rsa_deploy.pub)\", \"read_only\": true, \"title\": \"$(hostname -s)-$(date +'%s')\"}"
+
+### PUPPET
+#
+mkdir -p /var/lib/puppet/manifests
+cd /var/lib/puppet/manifests
+git clone git@deploy:tombstones/puppet-common.git
diff --git a/common/pre.cfg b/common/pre.cfg
new file mode 100644
index 0000000..e69de29
diff --git a/common/selinux.cfg b/common/selinux.cfg
new file mode 100644
index 0000000..1ed57f3
--- /dev/null
+++ b/common/selinux.cfg
@@ -0,0 +1,2 @@
+### SELINUX
+selinux --enforcing
diff --git a/common/services.cfg b/common/services.cfg
new file mode 100644
index 0000000..8def6f3
--- /dev/null
+++ b/common/services.cfg
@@ -0,0 +1,2 @@
+### SYSTEM SERVICES
+services --enabled='sshd,rsyslog,chronyd'
diff --git a/common/system_finalize.cfg b/common/system_finalize.cfg
new file mode 100644
index 0000000..e935569
--- /dev/null
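Review bot: The `Authorization: token …` header in the curl call of common/post.cfg hard-codes a live API token for the Git server in a file that is itself served from that server, and the same pattern recurs with different tokens in tupper/post.cfg and xavier/post.cfg. The call it authorises, `POST /api/v1/user/keys`, adds an SSH key to the account, so exposure of any of these files amounts to write access to that account's key list. All three tokens should be revoked and replaced by a value supplied at install time, e.g. `-H "Authorization: token ${DEPLOY_TOKEN}"` (placeholder variable), with the narrowest scope the server offers. Add `--fail` to the curl command too, since without it an HTTP error still exits 0 and `%post --erroronfail` never notices a failed registration. Separately, the umask comment should read `# resulting permissions are 700 max (600 for files)`; 550 does not match `umask 077`.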
+++ b/common/system_finalize.cfg
@@ -0,0 +1,4 @@
+### GENERAL
+firstboot --disabled
+eula --agreed
+reboot
diff --git a/tupper/disk_layout.cfg b/tupper/disk_layout.cfg
new file mode 100644
index 0000000..2c33217
--- /dev/null
+++ b/tupper/disk_layout.cfg
@@ -0,0 +1,8 @@
+### PARTITIONING
+# SETUP
+ignoredisk --only-use=sda
+clearpart --all --initlabel
+
+# PARTITIONS
+part /boot --size=1024 --fstype=xfs
+part pv.01 --size=1 --ondisk=sda --grow
diff --git a/tupper/disk_layout_lvm.cfg b/tupper/disk_layout_lvm.cfg
new file mode 100644
index 0000000..036811a
--- /dev/null
+++ b/tupper/disk_layout_lvm.cfg
@@ -0,0 +1,11 @@
+### PARTITIONING
+# LVM
+volgroup cl pv.01
+logvol / --vgname=cl --fstype xfs --size=4096 --name=root --fsoptions="defaults"
+logvol /home --vgname=cl --fstype xfs --size=512 --name=home --fsoptions="defaults,nosuid,nodev"
+logvol /tmp --vgname=cl --fstype xfs --size=512 --name=tmp --fsoptions="defaults,nosuid,nodev,noexec"
+logvol /swap --vgname=cl --fstype swap --size=2048 --name=swap --fsoptions="defaults"
+logvol /var --vgname=cl --fstype xfs --size=1024 --name=var --fsoptions="defaults,nosuid"
+logvol /var/log --vgname=cl --fstype xfs --size=512 --name=var-log --fsoptions="defaults,nosuid"
+logvol /var/tmp --vgname=cl --fstype xfs --size=512 --name=var-tmp --fsoptions="defaults,nosuid,nodev,noexec"
+logvol /var/lib/docker --vgname=cl --fstype xfs --size=1 --name=var-lib-docker --fsoptions="defaults,nosuid,nodev" --grow --maxsize=5192
diff --git a/tupper/kickstart.cfg b/tupper/kickstart.cfg
new file mode 100644
index 0000000..b035ba2
--- /dev/null
+++ b/tupper/kickstart.cfg
@@ -0,0 +1,30 @@
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/almalinux83b/media_netboot.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/authentication_rootpw.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/logging.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/selinux.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/almalinux83b/services.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/bootloader.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/disk_layout.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/tupper/disk_layout_lvm.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/tupper/networking.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/firewall.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/almalinux83b/repo.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/locale.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/groups.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/system_finalize.cfg
+
+%pre
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/pre.cfg
+%end
+
+%packages
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/packages.cfg
+%end
+
+
+%post --erroronfail
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/post.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/centos8/post.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/cron.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/tupper/post.cfg
+%end
diff --git a/tupper/networking.cfg b/tupper/networking.cfg
new file mode 100644
index 0000000..872226f
--- /dev/null
+++ b/tupper/networking.cfg
@@ -0,0 +1,2 @@
+### NETWORKING
+network --device=link --bootproto=static --ip=78.129.208.77 --gateway=78.129.208.1 --netmask=255.255.255.0 --nameserver=8.8.8.8,8.8.4.4 --hostname=tupper --onboot=yes --activate
diff --git a/tupper/post.cfg b/tupper/post.cfg
new file mode 100644
index 0000000..a856e12
--- /dev/null
+++ b/tupper/post.cfg
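Review bot: Every `%include` in tupper/kickstart.cfg resolves against `raw/branch/master` at install time, so whatever is on master at that moment runs as root in `%post`, and a build cannot be reproduced or audited afterwards. Pinning the URLs to a reviewed revision, e.g. `…/kickstarts/raw/commit/<reviewed-commit-sha>/common/post.cfg` (placeholder), would tie each install to known content. This file also omits `common/authentication.cfg`, which xavier/kickstart.cfg includes; if that is deliberate for AlmaLinux 8, a comment saying so would keep it from being read as an oversight. xavier/kickstart.cfg has the same branch-based includes.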
@@ -0,0 +1,31 @@
+### REGISTER WITH GIT
+#
+curl -X POST "https://config.tombstones.org.uk:23000/api/v1/user/keys" \
+-H "accept: application/json" \
+-H "Content-Type: application/json" \
+-H "Authorization: token c2463732c0469b2b02b154c13dbc9dd4a075882a" \
+-d "{ \"key\": \"$(cat /root/.ssh/id_rsa.pub)\", \"read_only\": true, \"title\": \"$(hostname -s)-$(date +'%s')\"}"
+
+### PUPPET
+#
+echo "Pull down the puppet manifests"
+cd /var/lib/puppet/manifests
+# -- docker
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-docker.git
+
+### DOCKER CONTAINERS
+#
+# -- content
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-content.git
+
+# -- media
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-media-network.git
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-sabnzbd.git
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-sickgear.git
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-couchpotato.git
+
+# -- ftpd
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-pureftpd.git
+
+# -- gaming@Tomstones
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-gtombstones.git
diff --git a/xavier/disk_layout_lvm.cfg b/xavier/disk_layout_lvm.cfg
new file mode 100644
index 0000000..a7cf187
--- /dev/null
+++ b/xavier/disk_layout_lvm.cfg
@@ -0,0 +1,4 @@
+### PARTITIONING
+# LVM
+volgroup cl pv.01
+logvol / --vgname=cl --fstype xfs --size=1 --name=root --fsoptions="defaults" --grow
diff --git a/xavier/kickstart.cfg b/xavier/kickstart.cfg
new file mode 100644
index 0000000..f727c8d
--- /dev/null
+++ b/xavier/kickstart.cfg
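Review bot: The `git clone ssh://git@config.tombstones.org.uk:22122/…` lines in tupper/post.cfg rely on a host key that was never verified: common/post.cfg records it with `ssh -o 'StrictHostKeyChecking no'` during the install, and its `Host deploy` block keeps `StrictHostKeyChecking no` permanently. The cloned manifests are later applied as root by the `@reboot` job in common/cron.cfg, so a server impersonating the Git host at install time would end up supplying the host's configuration. Ship the server's public host key with the kickstart, write it to `/root/.ssh/known_hosts` before the first connection, and set `StrictHostKeyChecking yes`. xavier/post.cfg clones the same way.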
@@ -0,0 +1,31 @@
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/centos7/media_netboot.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/authentication.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/authentication_rootpw.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/logging.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/selinux.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/services.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/bootloader.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/disk_layout.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/xavier/disk_layout_lvm.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/xavier/networking.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/firewall.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/centos7/repo.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/locale.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/groups.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/system_finalize.cfg
+
+%pre
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/pre.cfg
+%end
+
+%packages
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/packages.cfg
+%end
+
+
+%post --erroronfail
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/post.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/centos7/post.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/cron.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/xavier/post.cfg
+%end
diff --git a/xavier/networking.cfg b/xavier/networking.cfg
new file mode 100644
index 0000000..0adc961
--- /dev/null
+++ b/xavier/networking.cfg
@@ -0,0 +1,2 @@
+### NETWORKING
+network --device=link --bootproto=static --ip=78.129.208.25 --gateway=78.129.208.1 --netmask=255.255.255.0 --nameserver=8.8.8.8,8.8.4.4 --hostname=xavier --onboot=yes --activate
diff --git a/xavier/post.cfg b/xavier/post.cfg
new file mode 100644
index 0000000..cca35e5
--- /dev/null
+++ b/xavier/post.cfg
@@ -0,0 +1,24 @@
+### REGISTER WITH GIT
+#
+curl -X POST "https://config.tombstones.org.uk:23000/api/v1/user/keys" \
+-H "accept: application/json" \
+-H "Content-Type: application/json" \
+-H "Authorization: token de7c2d96a3dc94cf4bf42b041f81eae7375990fd" \
+-d "{ \"key\": \"$(cat /root/.ssh/id_rsa.pub)\", \"read_only\": true, \"title\": \"$(hostname -s)-$(date +'%s')\"}"
+
+### PUPPET
+#
+echo "Pull down the puppet manifests"
+cd /var/lib/puppet/manifests
+
+# -- apache
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-httpd.git
+
+# -- php
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-php.git
+
+# -- mariadb
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-mariadb.git
+
+# -- postfix
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-postfix.git