#version=DEVEL

@DISTRIB_BASE_CONFIG@
@NODE_BASE_CONFIG@
@ND_BASE_CONFIG@

# System authorization information: shadow passwords, SHA-512 password hashing
auth --enableshadow --passalgo=sha512

# Use graphical install (graphical mode is enforced when VNC is requested in the kernel arguments)
#text
graphical

# Run the Setup Agent on first boot
firstboot --enable
# Limit the installer to the disks the template names; every other disk is ignored
ignoredisk --only-use=@SYSDISKS@
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8

# Network information (device=link signifies first device link active)
# The primary interface is configured by DHCP with IPv6 turned off.
network --device=@ETHDEV@ --bootproto=dhcp --noipv6 --onboot=on --activate
# Static alias address through the network command: this still doesn't work
#@SKIP_IP@network --device=@ETHDEV@:1 --bootproto=static --ip=@IP@ --netmask=@NETMASK@ --noipv6 --onboot=on --activate
network  --hostname=@FQDN@


# Partition clearing information
# clearpart --all removes every partition on the listed drives and zerombr
# re-initialises unreadable partition tables, so whatever @SYSDISKS@ renders
# to is erased without a prompt.
clearpart --all --initlabel --drives=@SYSDISKS@
zerombr

# System bootloader configuration
bootloader --location=mbr --driveorder=@SYSDISKS@ --boot-drive=@BOOTDISK@  --append=" crashkernel=auto @APPEND_SOL@"

#autopart --type=lvm
#reqpart --add-boot

# rpm & iso are supported here
# NOTE(review): the driver disk is fetched over plain HTTP and nothing in this
# file checks its integrity, although its contents are used by the installer.
# Serving it over HTTPS or from the installation media would close that gap.
@SKIP_DRIVERDISK@driverdisk --source=http://ufo.kit.edu/ands/kickstart/@DISTRIBUTION@/drivers/@DRIVERDISK@
@STORAGE_CONFIG@


# Logical volumes in volume group sysvg; the group itself is not defined in
# the visible lines (presumably by @STORAGE_CONFIG@ — confirm).
logvol / --vgname=sysvg --size=@SIZE@ --name=lv_root --fstype=ext4
@SKIP_HOME@logvol /home --vgname=sysvg --size=@HOME_SIZE@ --name=lv_home --fstype=ext4 --grow


# Root password.  Every rootpw line below carries a SHA-512 crypt hash
# ($6$ prefix) with the default round count.
# NOTE(review): the hashes are stored in the template itself, so anyone who
# can read this file, or a kickstart rendered from it, can run offline
# guessing against them.  Consider supplying the hash at render time through
# a placeholder, or using "rootpw --lock" and relying on the SSH keys that
# %post installs.  The entry marked as compromised must stay disabled, and
# hosts installed with it need their root password rotated.
# Root password (KaaS)
#rootpw --iscrypted $6$ihAbktYN$T36KRAmi8ccjNrE5Y0gEl11Rb/dl3GjemejAJyHVzrAL51/st7aMZ0dqnMIkhubX/gUcPe5LdTlJODC9D/60h0
# Root password (IPE, old and compromised)
#rootpw --iscrypted $6$ioKrEQSxzYypx2HZ$jiynrl6knbmhbL066k.HjmxcwvQwBsT53LPlp2fRdkg2E1E7Gy4gwxaZ0m86rbD6q4dTaWdYfKhDVSij6N1Y7.
# Root password (IPE, mid-secure)
rootpw --iscrypted $6$6qbYQDyLZcG6z9M/$qtkNhr3BB3uJinEZrhE1bTomJtT1qxDiavMadLfCVVM.F5Qv20a30Ovam7TzwUR1.G7bik25I8uNx09Qxl4Fe0
		    
# System services
services --enabled="chronyd"
# System timezone (hardware clock kept in UTC, NTP servers taken from the template)
timezone Europe/Berlin --isUtc --ntpservers=@TIME@
# Administrative account: member of wheel, fixed uid/gid 1001.  No --password
# is given on this line; the %post section installs an authorized_keys file
# for the account.
user --groups=wheel --name=csa --uid=1001 --gid=1001  --gecos="Suren A. Chilingaryan"

# SELinux configuration
# NOTE(review): unless the @SKIP_SECURITY@ prefix neutralises this line at
# render time (presumably it expands to a comment marker — confirm), the
# installed system runs with SELinux disabled, i.e. without mandatory access
# control.  "selinux --permissive" keeps denials logged while policy problems
# are worked out.
@SKIP_SECURITY@selinux --disabled

# Do not configure the X Window System
@SKIP_MINIMAL@skipx

# Perform a fresh installation and power the machine off when it completes
install
poweroff


# Package selection: the minimal environment (the @CENTOS7@ prefix presumably
# limits that line to CentOS 7 renders — confirm), the core group, the
# template-supplied package lists, plus chrony and curl.  The %post section
# uses curl to download the authorized_keys files.
%packages
@CENTOS7@@^minimal
@core
@DISTRIB_PACKAGE_CONFIG@
@NODE_PACKAGE_CONFIG@
@ND_PACKAGE_CONFIG@
chrony
curl
%end

# Password policy applied by the installer to root, user and LUKS passwords.
# NOTE(review): this is a permissive policy.  Six characters with a quality
# score of 1 is accepted, --notstrict lets a password below the policy through
# after confirmation, and --emptyok permits an empty user password.  Raising
# --minlen/--minquality and using --strict would tighten it.
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end


%pre --log=/var/log/ks01.log

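# Stop all assembled md arrays so that their member partitions can be wiped.
for name in /dev/md?*; do
    # With no md devices present the pattern stays literal; skip it.
    [ -e "$name" ] || continue
    echo "Stopping ${name##*/}"
    mdadm --manage -S "$name"
done

# Record the disks and md devices the installer sees in the %pre log.
ls -la /dev/sd*
ls -la /dev/md*

# wipe_tail DEVICE
#   Zero the last 4 MiB of DEVICE.
#   blockdev --getsz reports the size in 512-byte sectors, so the offset is
#   passed to dd with bs=512.  Mixing that sector count with bs=4096 places
#   the seek target beyond the end of the device and the tail is never wiped.
wipe_tail() {
    ks_sectors=$(blockdev --getsz "$1") || return
    # Devices of 4 MiB or less are already covered by the head wipe.
    if [ "$ks_sectors" -gt 8192 ]; then
        dd if=/dev/zero of="$1" bs=512 seek=$(( ks_sectors - 8192 )) count=8192
    fi
}

# reset_disk DISK
#   Does nothing unless DISK is a block device.  Otherwise clears the md
#   superblock and the first and last 4 MiB of every DISK?* device, zeroes
#   the first 4 MiB of DISK itself and writes a fresh GPT label.
#   NOTE(review): the DISK?* pattern also matches longer device names that
#   share the prefix (for example a name ending in "a" followed by "aa"), not
#   only partitions of DISK — confirm this cannot happen on the target
#   hardware.
reset_disk() {
    [ -b "$1" ] || return 0
    for ks_part in "$1"?*; do
        [ -b "$ks_part" ] || continue
        echo "Removing md superblock on $ks_part"
        mdadm --misc --zero-superblock "$ks_part"
        dd if=/dev/zero of="$ks_part" bs=4096 count=1024
        wipe_tail "$ks_part"
    done
    dd if=/dev/zero of="$1" bs=4096 count=1024
    parted "$1" --script -- mklabel gpt
}

# Remove md superblocks.  Both calls are destructive and run without a prompt
# on whatever devices the placeholders render to.
reset_disk "/dev/@DISK1@"
reset_disk "/dev/@DISK2@"
# wait for partition table to propagate
sleep 10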

@DISTRIB_PRE_CONFIG@
@NODE_PRE_CONFIG@
@ND_PRE_CONFIG@
%end

%post --log=/var/log/ks02.log
# Install unzip in the freshly installed system (%post runs inside the
# installed root by default, and the network must be reachable at this point).
yum install -y unzip

# Make python3 the target of the "python" alternative; the @CENTOS8@ prefix
# presumably restricts this line to CentOS 8 renders — confirm.
@CENTOS8@alternatives --set python /usr/bin/python3

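# Install the SSH public keys that are allowed to log in as root and as csa.
# NOTE(review): both files are fetched over plain HTTP and nothing checks
# their integrity, so whoever controls the server or the network path decides
# which keys can log in as root.  Prefer HTTPS, or a checksum pinned in this
# template; confirm the server offers HTTPS before changing the URLs.

# fetch_keys URL DEST
#   Download URL to DEST with mode 0600.  The download goes to DEST.new first
#   and is moved into place only when curl succeeded and the result is
#   non-empty, so an HTTP error page or a truncated transfer never becomes an
#   authorized_keys file.  Returns 1 on failure.
fetch_keys() {
    if curl --fail --silent --show-error "$1" -o "$2.new" && [ -s "$2.new" ]; then
        mv -f "$2.new" "$2"
        chmod 0600 "$2"
    else
        rm -f "$2.new"
        echo "ERROR: could not fetch $1; $2 not installed" >&2
        return 1
    fi
}

mkdir -p /root/.ssh
chmod 0700 /root/.ssh
fetch_keys http://ufo.kit.edu/ands/kickstart/authorized_keys /root/.ssh/authorized_keys

mkdir -p /home/csa/.ssh
chmod 0700 /home/csa/.ssh
fetch_keys http://ufo.kit.edu/ands/kickstart/authorized_keys.csa /home/csa/.ssh/authorized_keys
# NOTE(review): no group named "user" is created in the visible part of this
# file.  If it does not exist the chown fails and the directory stays owned
# by root, which would leave the csa key unusable — confirm the group is
# created elsewhere.
chown -R csa:user /home/csa/.ssh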

# Adding the address through NetworkManager doesn't work either
#con=$(nmcli d show eno1 | grep CONNECTION | cut -d ':' -f 2- | sed -E -e 's/^[[:space:]]+//' | grep '^[[:alpha:]]')
#@SKIP_IP@nmcli connection modify "$con" +ipv4.address @IP@/@CIDR@

# Append the static address and prefix length to the ifcfg file of @ETHDEV@.
# NOTE(review): unlike the disabled attempts above, this block carries no
# @SKIP_IP@ guard, so it presumably runs even when no static address is
# configured — confirm how @IP@ and @CIDR@ render in that case.
cat <<EOF >>/etc/sysconfig/network-scripts/ifcfg-@ETHDEV@
IPADDR=@IP@
PREFIX=@CIDR@
#IPADDR1=
#PREFEX1=
EOF

@DISTRIB_POST_CONFIG@
@NODE_POST_CONFIG@
@ND_POST_CONFIG@
%end