someara · December 3, 2021 19:12
diff --git a/rhel5.ks b/rhel5.ks
 # Example Kickstart config file for RHEL5, change $VARIABLES to suitable values
 # for your site
 # Usage from linux kernel boot prompt:
 # linux ks=http://$SERVER_ADDR/ks/rhel5-example.ks ip=$IPADDR netmask=$NETMASK gateway=$GATEWAY [nokill] [keymap=pt-latin1] [noipv6] [debug]
 #
 # More boot options at http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Installation_Guide/ch-bootopts-x86.html

 # Options for this section can be found at http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Installation_Guide/s1-kickstart2-options.html

 install
 text
 skipx
 reboot
 # Change if you're not in Portugal!
 keyboard   pt-latin1
 timezone   Europe/Lisbon
 url        --url http://$SERVER_ADDR/mrepo/rhel5u4-x86_64/disc1
 key        --skip
 lang       en_US.UTF-8
 network    --device eth0 --bootproto static --ip $IPADDR --netmask $NETMASK --gateway $GATEWAY --hostname $HOSTNAME
 # if --iscrypted, $YOUMUSTCHANGEME is the hash of the password
 rootpw     $YOUMUSTCHANGEME
 firewall   --disabled
 # selinux  --disabled | --enabled | --permissive
 selinux    --disabled
 authconfig --enableshadow --enablemd5

 # Disk configuration - small boot partition, then LVM with VG spanning rest of
 # volume. Assumes first disk is sda, fails on HP's (as disks are /dev/cciss)
 bootloader --location=mbr
 clearpart  --all --initlabel
 part /boot --fstype ext3 --size=100 --ondisk=sda --asprimary
 part pv.1  --size=0 --grow --ondisk=sda --asprimary
 volgroup   vg00 pv.1
 logvol /             --name=lv_root         --fstype ext3 --vgname=vg00 --size=3072
 logvol /var          --name=lv_var          --fstype ext3 --vgname=vg00 --size=384
 logvol /home         --name=lv_home         --fstype ext3 --vgname=vg00 --size=128
 logvol /tmp          --name=lv_tmp          --fstype ext3 --vgname=vg00 --size=1024
 logvol swap          --name=lv_swap         --fstype swap --vgname=vg00 --size=1024

 # Use '%packages --nobase' for a smaller install, but it's probably not worth it
 # Use '%packages --excludedocs' and %_excludedocs RPM macro to not install documentation (not much of a space saving)
 # Use '%packages --ignoremissing' to not prompt on missing/mispelt package names
 # Not supported in RHEL5u4:
 # Use '%packages --instLangs=en_US.utf8' and %_install_langs RPM macro to reduce the size of /usr/share/locale
 %packages --ignoremissing
 # These packages are ones that I really want to maintain a system and aren't in
 # @core. You could probably remove perl if you don't care for it and write all
 # of your scripts in python/ruby instead
 perl
 e2fsprogs
 strace
 net-snmp
 curl
 wget
 yum
 # For puppet
 ruby-rdoc
 ruby
 ruby-libs
 libselinux-ruby

 # Don't seem to be able to get rid of the following packages
 -Deployment_Guide-en_US
 -wireless-tools
 -rhpl

 # Other packages that I don't need on servers
 -gpm
 -isdn4k-utils
 -pcmcia-cs
 -wpa_supplicant
 -bluez-utils
 -bluez-hcidump
 -bluez-libs
 -bluez-bluefw
 -irda-utils

 # For HP Proliant Support Pack hpsum utility (4.0.1)
 #freetype
 #libXrender
 #libXrandr
 #libXfixes
 #libXcursor
 #fontconfig
 #net-snmp 
 #libnl
 #gcc

 %post
 # This disables all of the services we don't usually need
 # It's longer than required by the packages specified above because I use it on
 # servers that weren't installed with such a small base
 cat <<EOF | while read i j; do chkconfig $i off; done
 gpm
 sendmail # Current $JOB doesn't like to have mail daemons running
 readahead
 readahead_early
 smartd
 xinetd
 cups
 ipmi
 openibd
 autofs
 avahi-daemon
 portmap
 rpcgssd
 rpcidmapd
 nfslock
 pcscd
 rhnsd
 snmpd
 iptables
 ip6tables
 lm_sensors
 yum-updatesd
 xfs
 hidd
 EOF

 # Add my SSH key
 mkdir -m 700 /root/.ssh
 echo "ssh-rsa ..." >> /root/.ssh/authorized_keys

 # See notes for %packages
 if false; then
  #echo "%_excludedocs 1" >> /etc/rpm/macros

  # Notice this is different to lang
  #LANGS="en_US.utf8"
  #echo %_install_langs $LANGS >> /etc/rpm/macros
  # Doesn't seem to do anything - maybe my archive isn't very bloated
  #localedef --list-archive | grep -xvi -e ${LANGS// / -e } | xargs localedef --delete-from-archive
  #build-locale-archive
  #find /usr/lib/locale -maxdepth 1 -type d -printf "%f\n" | grep -xvi -e ${LANGS// / -e } | while read i; do rm -rf /usr/lib/locale/$i; done
 fi

 # No graphical image for grub
 if true; then
  sed -i '/^splashimage/d' /boot/grub/grub.conf
 fi

 # Configure yum
 if true; then
 	export RELEASE=$(rpm -q redhat-release --qf '%{RELEASE}\n' | awk -F. '{print $1"u"$2}')
 	# Note the indenting here is with tabs because of the Here doc
 	cat <<-EOF > /etc/yum.repos.d/rhel5.repo
 		[rhel$RELEASE]
 		name=\$id
 		baseurl=http://$SERVER_ADDR/mrepo/rhel$RELEASE-\$basearch/RPMS.os
 		gpgcheck=0
 		enabled=1
 	EOF

 # Disable RHN
 	if [ -e /etc/yum/pluginconf.d/rhnplugin.conf ]; then
 		sed -i 's/enabled = 1/enabled = 0/' /etc/yum/pluginconf.d/rhnplugin.conf
 	fi
 fi

 # Configure LDAP authentication against AD
 if false; then
 	cat <<-EOF > /etc/openldap/ldap.conf
 		BASE ou=yourcorp,dc=corp,dc=com
 		TLS_CACERTDIR /etc/openldap/cacerts
 		HOST $LDAP_SERVER
 	EOF

 	cat <<-EOF > /etc/ldap.conf
 		host   $LDAP_SERVER
 		base   ou=yourcorp,dc=corp,dc=com
 		binddn cn=authuser,ou=yourcorp,dc=corp,dc=com
 		bindpw seckret

 		pam_filter objectclass=user
 		pam_login_attribute sAMAccountName
 		ssl no

 		tls_cacertdir /etc/openldap/cacerts
 	EOF

 	cat <<-EOF > /etc/pam.d/system-auth
 	#%PAM-1.0
 	# This file is auto-generated.
 	# User changes will be destroyed the next time authconfig is run.
 	auth        required      pam_env.so
 	auth        sufficient    pam_unix.so nullok try_first_pass
 	auth        sufficient    pam_ldap.so use_first_pass
 	auth        requisite     pam_succeed_if.so uid >= 500 quiet
 	auth        required      pam_deny.so

 	account     required      pam_unix.so
 	account     sufficient    pam_succeed_if.so uid < 500 quiet
 	account     required      pam_permit.so

 	password    requisite     pam_cracklib.so try_first_pass retry=3
 	password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
 	password    required      pam_deny.so

 	session     optional      pam_keyinit.so revoke
 	session     required      pam_limits.so
 	session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 	session     required      pam_unix.so
 	EOF
 fi

 # Puppet - the $SERVER_ADDR has the RPMs for puppet (from EPEL) under /ks/puppet
 # directory, replace with yum if you have a local mirror. These packages are:
 # ruby-shadow
 # auguess-libs
 # ruby-augueas
 # facter
 # puppet
 if true; then
  echo $SERVER_ADDR puppet >> /etc/hosts

  if type -p wget >/dev/null; then
    wget http://$SERVER_ADDR/ks/puppet/ -A.rpm -nd -l 1 -r
    rpm -ihv *.rpm
    rm -f *.rpm
  fi
 fi

 # Install VMware tools if needed. Done last as it can break the network
 # Don't use "-s" argument for dmidecode as I try to keep this script compatable
 # with RHEL4 which doesn't have it
 if dmidecode | grep -qi "Manufacturer: .*vmware"; then
  rpm -ihv http://$SERVER_ADDR/vmware/VMwareTools-3.5.0-153875.i386.rpm && \
    chkconfig vmware-tools on && \
    vmware-config-tools.pl --default
 fi
	# Example Kickstart config file for RHEL5, change $VARIABLES to suitable values
	# for your site
	# Usage from linux kernel boot prompt:
	# linux ks=http://$SERVER_ADDR/ks/rhel5-example.ks ip=$IPADDR netmask=$NETMASK gateway=$GATEWAY [nokill] [keymap=pt-latin1] [noipv6] [debug]
	#
	# More boot options at http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Installation_Guide/ch-bootopts-x86.html

	# Options for this section can be found at http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Installation_Guide/s1-kickstart2-options.html

	install
	text
	skipx
	reboot
	# Change if you're not in Portugal!
	keyboard pt-latin1
	timezone Europe/Lisbon
	url --url http://$SERVER_ADDR/mrepo/rhel5u4-x86_64/disc1
	key --skip
	lang en_US.UTF-8
	network --device eth0 --bootproto static --ip $IPADDR --netmask $NETMASK --gateway $GATEWAY --hostname $HOSTNAME
	# if --iscrypted, $YOUMUSTCHANGEME is the hash of the password
	rootpw $YOUMUSTCHANGEME
	firewall --disabled
	# selinux --disabled \| --enabled \| --permissive
	selinux --disabled
	authconfig --enableshadow --enablemd5

	# Disk configuration - small boot partition, then LVM with VG spanning rest of
	# volume. Assumes first disk is sda, fails on HP's (as disks are /dev/cciss)
	bootloader --location=mbr
	clearpart --all --initlabel
	part /boot --fstype ext3 --size=100 --ondisk=sda --asprimary
	part pv.1 --size=0 --grow --ondisk=sda --asprimary
	volgroup vg00 pv.1
	logvol / --name=lv_root --fstype ext3 --vgname=vg00 --size=3072
	logvol /var --name=lv_var --fstype ext3 --vgname=vg00 --size=384
	logvol /home --name=lv_home --fstype ext3 --vgname=vg00 --size=128
	logvol /tmp --name=lv_tmp --fstype ext3 --vgname=vg00 --size=1024
	logvol swap --name=lv_swap --fstype swap --vgname=vg00 --size=1024

	# Use '%packages --nobase' for a smaller install, but it's probably not worth it
	# Use '%packages --excludedocs' and %_excludedocs RPM macro to not install documentation (not much of a space saving)
	# Use '%packages --ignoremissing' to not prompt on missing/mispelt package names
	# Not supported in RHEL5u4:
	# Use '%packages --instLangs=en_US.utf8' and %_install_langs RPM macro to reduce the size of /usr/share/locale
	%packages --ignoremissing
	# These packages are ones that I really want to maintain a system and aren't in
	# @core. You could probably remove perl if you don't care for it and write all
	# of your scripts in python/ruby instead
	perl
	e2fsprogs
	strace
	net-snmp
	curl
	wget
	yum
	# For puppet
	ruby-rdoc
	ruby
	ruby-libs
	libselinux-ruby

	# Don't seem to be able to get rid of the following packages
	-Deployment_Guide-en_US
	-wireless-tools
	-rhpl

	# Other packages that I don't need on servers
	-gpm
	-isdn4k-utils
	-pcmcia-cs
	-wpa_supplicant
	-bluez-utils
	-bluez-hcidump
	-bluez-libs
	-bluez-bluefw
	-irda-utils

	# For HP Proliant Support Pack hpsum utility (4.0.1)
	#freetype
	#libXrender
	#libXrandr
	#libXfixes
	#libXcursor
	#fontconfig
	#net-snmp
	#libnl
	#gcc

	%post
	# This disables all of the services we don't usually need
	# It's longer than required by the packages specified above because I use it on
	# servers that weren't installed with such a small base
	cat <<EOF \| while read i j; do chkconfig $i off; done
	gpm
	sendmail # Current $JOB doesn't like to have mail daemons running
	readahead
	readahead_early
	smartd
	xinetd
	cups
	ipmi
	openibd
	autofs
	avahi-daemon
	portmap
	rpcgssd
	rpcidmapd
	nfslock
	pcscd
	rhnsd
	snmpd
	iptables
	ip6tables
	lm_sensors
	yum-updatesd
	xfs
	hidd
	EOF

	# Add my SSH key
	mkdir -m 700 /root/.ssh
	echo "ssh-rsa ..." >> /root/.ssh/authorized_keys

	# See notes for %packages
	if false; then
	#echo "%_excludedocs 1" >> /etc/rpm/macros

	# Notice this is different to lang
	#LANGS="en_US.utf8"
	#echo %_install_langs $LANGS >> /etc/rpm/macros
	# Doesn't seem to do anything - maybe my archive isn't very bloated
	#localedef --list-archive \| grep -xvi -e ${LANGS// / -e } \| xargs localedef --delete-from-archive
	#build-locale-archive
	#find /usr/lib/locale -maxdepth 1 -type d -printf "%f\n" \| grep -xvi -e ${LANGS// / -e } \| while read i; do rm -rf /usr/lib/locale/$i; done
	fi

	# No graphical image for grub
	if true; then
	sed -i '/^splashimage/d' /boot/grub/grub.conf
	fi

	# Configure yum
	if true; then
	export RELEASE=$(rpm -q redhat-release --qf '%{RELEASE}\n' \| awk -F. '{print $1"u"$2}')
	# Note the indenting here is with tabs because of the Here doc
	cat <<-EOF > /etc/yum.repos.d/rhel5.repo
	[rhel$RELEASE]
	name=\$id
	baseurl=http://$SERVER_ADDR/mrepo/rhel$RELEASE-\$basearch/RPMS.os
	gpgcheck=0
	enabled=1
	EOF

	# Disable RHN
	if [ -e /etc/yum/pluginconf.d/rhnplugin.conf ]; then
	sed -i 's/enabled = 1/enabled = 0/' /etc/yum/pluginconf.d/rhnplugin.conf
	fi
	fi

	# Configure LDAP authentication against AD
	if false; then
	cat <<-EOF > /etc/openldap/ldap.conf
	BASE ou=yourcorp,dc=corp,dc=com
	TLS_CACERTDIR /etc/openldap/cacerts
	HOST $LDAP_SERVER
	EOF

	cat <<-EOF > /etc/ldap.conf
	host $LDAP_SERVER
	base ou=yourcorp,dc=corp,dc=com
	binddn cn=authuser,ou=yourcorp,dc=corp,dc=com
	bindpw seckret

	pam_filter objectclass=user
	pam_login_attribute sAMAccountName
	ssl no

	tls_cacertdir /etc/openldap/cacerts
	EOF

	cat <<-EOF > /etc/pam.d/system-auth
	#%PAM-1.0
	# This file is auto-generated.
	# User changes will be destroyed the next time authconfig is run.
	auth required pam_env.so
	auth sufficient pam_unix.so nullok try_first_pass
	auth sufficient pam_ldap.so use_first_pass
	auth requisite pam_succeed_if.so uid >= 500 quiet
	auth required pam_deny.so

	account required pam_unix.so
	account sufficient pam_succeed_if.so uid < 500 quiet
	account required pam_permit.so

	password requisite pam_cracklib.so try_first_pass retry=3
	password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
	password required pam_deny.so

	session optional pam_keyinit.so revoke
	session required pam_limits.so
	session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
	session required pam_unix.so
	EOF
	fi

	# Puppet - the $SERVER_ADDR has the RPMs for puppet (from EPEL) under /ks/puppet
	# directory, replace with yum if you have a local mirror. These packages are:
	# ruby-shadow
	# auguess-libs
	# ruby-augueas
	# facter
	# puppet
	if true; then
	echo $SERVER_ADDR puppet >> /etc/hosts

	if type -p wget >/dev/null; then
	wget http://$SERVER_ADDR/ks/puppet/ -A.rpm -nd -l 1 -r
	rpm -ihv *.rpm
	rm -f *.rpm
	fi
	fi

	# Install VMware tools if needed. Done last as it can break the network
	# Don't use "-s" argument for dmidecode as I try to keep this script compatable
	# with RHEL4 which doesn't have it
	if dmidecode \| grep -qi "Manufacturer: .*vmware"; then
	rpm -ihv http://$SERVER_ADDR/vmware/VMwareTools-3.5.0-153875.i386.rpm && \
	chkconfig vmware-tools on && \
	vmware-config-tools.pl --default
	fi