Initial population

README.md

@@ -1 +1,7 @@
-## trying to add another Kickstart file
+
+# Reference
+https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-kickstart-syntax
+
+
+# Usage
+```$ ./buildvm <vmname>```

common/almalinux83b/media_netboot.cfg

@@ -0,0 +1,2 @@
+### INSTALL MEDIA
+url --url='https://repo.almalinux.org/almalinux/8.3-beta/BaseOS/x86_64/kickstart/'

common/almalinux83b/repo.cfg

@@ -0,0 +1,4 @@
+### YUM REPOS (used during kickstart only)
+repo --name="almalinux83b-ks" --baseurl=https://repo.almalinux.org/almalinux/8.3-beta/BaseOS/x86_64/kickstart/ --cost=100
+repo --name="almalinux83b-os" --baseurl=https://repo.almalinux.org/almalinux/8.3-beta/BaseOS/x86_64/os/ --cost=100
+

common/almalinux83b/services.cfg

@@ -0,0 +1,2 @@
+### SYSTEM SERVICES
+services --enabled='sshd,chronyd'

common/authentication.cfg

@@ -0,0 +1,2 @@
+### AUTHENTICATION
+auth --useshadow --disablemd5 --passalgo=sha512

common/authentication_rootpw.cfg

@@ -0,0 +1,2 @@
+### ROOT PASSWORD
+rootpw --iscrypted '$6$jMXzWlUc$76rMf8rNh4Ls/O2EfNDhMwBPU7EeDPWAfexDVnOGMCwqVwtvkF1RN104AafHoBo27qfew9cVYY2jVpC8muToA.'

common/bootloader.cfg

@@ -0,0 +1,3 @@
+### BOOTLOADER
+zerombr
+bootloader --location=mbr --boot-drive=sda

common/centos7/media_netboot.cfg

@@ -0,0 +1,2 @@
+### INSTALL MEDIA
+url --url='http://mirror.aarnet.edu.au/pub/centos/7/os/x86_64/'

common/centos7/post.cfg

@@ -0,0 +1,20 @@
+### REPOSITORIES
+# kickstart repo command with --install doesn't pull down GPG Keys
+# installing the official rpm for each project will handle that
+echo "Configuring additional system repositories"
+
+echo "EPEL"
+rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+
+echo "Puppet Labs"
+rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-7.noarch.rpm
+
+### UPGRADE
+echo "Forcing and upgrade of the system"
+yum -y upgrade
+
+### PACKAGES
+# PUPPET and resolved dependancies
+echo "Installing Puppet"
+yum -y install puppet-agent
+

common/centos7/repo.cfg

@@ -0,0 +1,2 @@
+### YUM REPOS (used during kickstart only)
+repo --name="centos" --baseurl=http://mirror.aarnet.edu.au/pub/centos/7/os/x86_64 --cost=100

common/centos7/services.cfg

@@ -0,0 +1,2 @@
+### SYSTEM SERVICES
+services --enabled='network'

common/centos8/media_netboot.cfg

@@ -0,0 +1,2 @@
+### INSTALL MEDIA
+url --url='https://mirror.aarnet.edu.au/pub/centos/8/BaseOS/x86_64/os/'

common/centos8/post.cfg

@@ -0,0 +1,20 @@
+### REPOSITORIES
+# kickstart repo command with --install doesn't pull down GPG Keys
+# installing the official rpm for each project will handle that
+echo "Configuring additional system repositories"
+
+echo "EPEL"
+rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
+
+echo "Puppet Labs"
+rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-8.noarch.rpm
+
+### UPGRADE
+echo "Forcing and upgrade of the system"
+dnf -y upgrade
+
+### PACKAGES
+# PUPPET and resolved dependancies
+echo "Installing Puppet"
+dnf -y install puppet-agent
+

common/centos8/repo.cfg

@@ -0,0 +1,3 @@
+### YUM REPOS (used during kickstart only)
+repo --name="centos" --baseurl=http://mirror.aarnet.edu.au/pub/centos/8/BaseOS/x86_64/os/ --cost=100
+

common/centos8/services.cfg

@@ -0,0 +1,2 @@
+### SYSTEM SERVICES
+services --enabled='NetworkManager'

common/cron.cfg

@@ -0,0 +1,2 @@
+mkdir -p /var/spool/cron
+echo "@reboot /opt/puppetlabs/bin/puppet apply /var/lib/puppet/manifests/puppet-common/00_puppet.pp &> /tmp/puppet-apply-reboot-priority.log && /opt/puppetlabs/bin/puppet apply /var/lib/puppet/manifests &> /tmp/puppet-apply-reboot.log " > /var/spool/cron/root

common/disk_layout.cfg

@@ -0,0 +1,9 @@
+### PARTITIONING
+# SETUP
+ignoredisk --only-use=sda
+clearpart --all --initlabel
+
+# PARTITIONS
+part /boot --size=1024 --fstype=xfs
+part pv.01 --size=1    --ondisk=sda --grow
+

common/disk_layout_lvm.cfg

@@ -0,0 +1,10 @@
+### PARTITIONING
+# LVM
+volgroup cl pv.01
+logvol  /        --vgname=cl --fstype xfs  --size=4096 --name=root    --fsoptions="defaults"
+logvol  /home    --vgname=cl --fstype xfs  --size=512  --name=home    --fsoptions="defaults,nosuid,nodev"
+logvol  /tmp     --vgname=cl --fstype xfs  --size=512  --name=tmp     --fsoptions="defaults,nosuid,nodev,noexec"
+logvol  /swap    --vgname=cl --fstype swap --size=512  --name=swap    --fsoptions="defaults"
+logvol  /var     --vgname=cl --fstype xfs  --size=512  --name=var     --fsoptions="defaults,nosuid"
+logvol  /var/log --vgname=cl --fstype xfs  --size=512  --name=var-log --fsoptions="defaults,nosuid"
+logvol  /var/tmp --vgname=cl --fstype xfs  --size=512  --name=var-tmp --fsoptions="defaults,nosuid,nodev,noexec"

common/firewall.cfg

@@ -0,0 +1,2 @@
+### FIREWALL
+firewall --enabled --ssh

common/groups.cfg

@@ -0,0 +1,4 @@
+### GROUPS
+group --name="staff"    --gid=6000
+group --name="admin"    --gid=6001
+group --name="sslcerts" --gid=6002

common/locale.cfg

@@ -0,0 +1,4 @@
+### KEYBOARD // LOCALE
+keyboard --vckeymap=us --xlayouts='us','us'
+lang 'en_US.UTF-8'
+timezone --utc 'Australia/Melbourne'

common/logging.cfg

@@ -0,0 +1,2 @@
+### INSTALL LOGGING
+logging --level=info

common/networking.cfg

@@ -0,0 +1,2 @@
+### NETWORKING
+network --device eth0 --bootproto dhcp

common/packages.cfg

@@ -0,0 +1,10 @@
+@core
+chrony
+dracut-config-generic
+dracut-norescue
+firewalld
+grub2
+kernel
+rsync
+tar
+-plymouth

common/post.cfg

@@ -0,0 +1,44 @@
+### UMASK
+# strengthen the default umask
+# we do this post deploy so all users inherit the setting after modifying 
+# /etc/bashrc
+# 
+# resulting permissions is 550 max
+#
+sed -i 's/umask\s022/umask 077/' /etc/bashrc
+sed -i 's/umask\s022/umask 077/' /etc/profile
+sed -i 's/umask\s022/umask 077/' /etc/csh.cshrc
+
+### SSH KEY
+# DEPLOY_S
+ssh-keygen -q -b 4096 -t rsa -f /root/.ssh/id_rsa_deploy -N ""
+# ROOT
+ssh-keygen -q -b 4096 -t rsa -f /root/.ssh/id_rsa -N ""
+
+### REGISTER GIT HOST KEY AS KNOWN HOST
+ssh -o 'StrictHostKeyChecking no' config.tombstones.org.uk -p 22122 2>/dev/null | echo > /dev/null
+
+### DEPLOY SSH CONFIG
+cat << EODEP > /root/.ssh/config
+Host deploy
+  Hostname config.tombstones.org.uk
+  Port 22122
+  StrictHostKeyChecking no
+  IdentityFile /root/.ssh/id_rsa_deploy
+EODEP
+
+### PACKAGES
+yum -y install git
+
+### REGISTER DEPLOY WITH DEPLOY_S
+curl -X POST "https://config.tombstones.org.uk:23000/api/v1/user/keys" \
+-H "accept: application/json" \
+-H "Content-Type: application/json" \
+-H "Authorization: token d5504c29d01678260841c3606eacbf47d6222a59" \
+-d "{  \"key\": \"$(cat /root/.ssh/id_rsa_deploy.pub)\",  \"read_only\": true,  \"title\": \"$(hostname -s)-$(date +'%s')\"}"
+
+### PUPPET
+#
+mkdir -p /var/lib/puppet/manifests
+cd /var/lib/puppet/manifests
+git clone git@deploy:tombstones/puppet-common.git

common/selinux.cfg

@@ -0,0 +1,2 @@
+### SELINUX
+selinux --enforcing

common/services.cfg

@@ -0,0 +1,2 @@
+### SYSTEM SERVICES
+services --enabled='sshd,rsyslog,chronyd'

common/system_finalize.cfg

@@ -0,0 +1,4 @@
+### GENERAL
+firstboot --disabled
+eula --agreed
+reboot

tupper/disk_layout.cfg

@@ -0,0 +1,8 @@
+### PARTITIONING
+# SETUP
+ignoredisk --only-use=sda
+clearpart --all --initlabel
+
+# PARTITIONS
+part /boot --size=1024 --fstype=xfs
+part pv.01 --size=1    --ondisk=sda --grow

tupper/disk_layout_lvm.cfg

@@ -0,0 +1,11 @@
+### PARTITIONING
+# LVM
+volgroup cl pv.01
+logvol  /                  --vgname=cl --fstype xfs  --size=4096 --name=root             --fsoptions="defaults"
+logvol  /home              --vgname=cl --fstype xfs  --size=512  --name=home             --fsoptions="defaults,nosuid,nodev"
+logvol  /tmp               --vgname=cl --fstype xfs  --size=512  --name=tmp              --fsoptions="defaults,nosuid,nodev,noexec"
+logvol  /swap              --vgname=cl --fstype swap --size=2048 --name=swap             --fsoptions="defaults"
+logvol  /var               --vgname=cl --fstype xfs  --size=1024 --name=var              --fsoptions="defaults,nosuid"
+logvol  /var/log           --vgname=cl --fstype xfs  --size=512  --name=var-log          --fsoptions="defaults,nosuid"
+logvol  /var/tmp           --vgname=cl --fstype xfs  --size=512  --name=var-tmp          --fsoptions="defaults,nosuid,nodev,noexec"
+logvol  /var/lib/docker    --vgname=cl --fstype xfs  --size=1    --name=var-lib-docker   --fsoptions="defaults,nosuid,nodev"        --grow --maxsize=5192

tupper/kickstart.cfg

@@ -0,0 +1,30 @@
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/almalinux83b/media_netboot.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/authentication_rootpw.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/logging.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/selinux.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/almalinux83b/services.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/bootloader.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/disk_layout.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/tupper/disk_layout_lvm.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/tupper/networking.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/firewall.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/almalinux83b/repo.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/locale.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/groups.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/system_finalize.cfg
+
+%pre
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/pre.cfg
+%end
+
+%packages
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/packages.cfg
+%end
+
+
+%post --erroronfail
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/post.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/centos8/post.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/cron.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/tupper/post.cfg
+%end

tupper/networking.cfg

@@ -0,0 +1,2 @@
+### NETWORKING
+network --device=link --bootproto=static --ip=78.129.208.77 --gateway=78.129.208.1 --netmask=255.255.255.0 --nameserver=8.8.8.8,8.8.4.4 --hostname=tupper --onboot=yes --activate

tupper/post.cfg

@@ -0,0 +1,31 @@
+### REGISTER WITH GIT
+#
+curl -X POST "https://config.tombstones.org.uk:23000/api/v1/user/keys" \
+-H "accept: application/json" \
+-H "Content-Type: application/json" \
+-H "Authorization: token c2463732c0469b2b02b154c13dbc9dd4a075882a" \
+-d "{  \"key\": \"$(cat /root/.ssh/id_rsa.pub)\",  \"read_only\": true,  \"title\": \"$(hostname -s)-$(date +'%s')\"}"
+
+### PUPPET
+#
+echo "Pull down the puppet manifests"
+cd /var/lib/puppet/manifests
+# -- docker
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-docker.git
+
+### DOCKER CONTAINERS
+#
+# -- content 
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-content.git
+
+# -- media
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-media-network.git
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-sabnzbd.git
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-sickgear.git
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-couchpotato.git
+
+# -- ftpd
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-pureftpd.git
+
+# -- gaming@Tomstones
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-gtombstones.git

xavier/disk_layout_lvm.cfg

@@ -0,0 +1,4 @@
+### PARTITIONING
+# LVM
+volgroup cl pv.01
+logvol  /        --vgname=cl --fstype xfs  --size=1 --name=root --fsoptions="defaults" --grow

xavier/kickstart.cfg

@@ -0,0 +1,31 @@
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/centos7/media_netboot.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/authentication.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/authentication_rootpw.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/logging.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/selinux.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/services.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/bootloader.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/disk_layout.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/xavier/disk_layout_lvm.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/xavier/networking.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/firewall.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/centos7/repo.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/locale.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/groups.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/system_finalize.cfg
+
+%pre
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/pre.cfg
+%end
+
+%packages
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/packages.cfg
+%end
+
+
+%post --erroronfail
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/post.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/centos7/post.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/common/cron.cfg
+%include https://config.tombstones.org.uk:23000/tombstones/kickstarts/raw/branch/master/xavier/post.cfg
+%end

xavier/networking.cfg

@@ -0,0 +1,2 @@
+### NETWORKING
+network --device=link --bootproto=static --ip=78.129.208.25 --gateway=78.129.208.1 --netmask=255.255.255.0 --nameserver=8.8.8.8,8.8.4.4 --hostname=xavier --onboot=yes --activate

xavier/post.cfg

@@ -0,0 +1,24 @@
+### REGISTER WITH GIT
+#
+curl -X POST "https://config.tombstones.org.uk:23000/api/v1/user/keys" \
+-H "accept: application/json" \
+-H "Content-Type: application/json" \
+-H "Authorization: token de7c2d96a3dc94cf4bf42b041f81eae7375990fd" \
+-d "{  \"key\": \"$(cat /root/.ssh/id_rsa.pub)\",  \"read_only\": true,  \"title\": \"$(hostname -s)-$(date +'%s')\"}"
+
+### PUPPET
+#
+echo "Pull down the puppet manifests"
+cd /var/lib/puppet/manifests
+
+# -- apache
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-httpd.git
+
+# -- php
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-php.git
+
+# -- mariadb
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-mariadb.git
+
+# -- postfix
+git clone ssh://git@config.tombstones.org.uk:22122/tombstones/puppet-postfix.git