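# ====== Kickstart file for Redhat 5.6 with LVM ======
#
# Unattended install: wipes all disks, lays out /boot plus an LVM volume group
# (vg00), installs a trimmed @base, then runs the %post hardening/config steps.
#
# NOTE(review): this file embeds secrets (bootloader and root password hashes,
# an installation key, and a cleartext user password in %post), and the install
# tree, extra RPM and post-install scripts are all fetched over plain HTTP.
# Restrict who can read this file and rotate the secrets after first boot.

# System authorization information
# NOTE(review): --enablemd5 selects MD5-crypt for local password hashes, which
# is weak by current standards; move to a SHA-2 scheme if the authconfig in
# this release supports it (confirm before changing).
auth --useshadow --enablemd5
# System bootloader configuration (GRUB password stored as an MD5-crypt hash)
bootloader --location=mbr --md5pass=$1$URFyIzoa$lznBDQkRATv2QMi/rztvR1
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Use text mode install
text
#cmdline
# Firewall configuration
# NOTE(review): the host firewall is off, and the iptables services/packages
# are disabled/excluded further down, so filtering has to happen upstream.
firewall --disabled
# Run the Setup Agent on first boot
firstboot --disable
# Installation Key
key 4b167a4c4b123abc
# System keyboard
keyboard uk
# System language
lang en_GB
# Installation logging level
logging --level=info
# Use network installation
url --url=http://192.168.190.40/ks/os/rhel5.6_x64/
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on
# Reboot after installation
reboot
#Root password
rootpw --iscrypted $1$h0m0gZgh$9AFXo9pDYGEU2TTbFSxPq1
# SELinux configuration
# NOTE(review): SELinux is switched off entirely; permissive mode would at
# least keep the audit trail if enforcing is not yet workable.
selinux --disabled
# System timezone
timezone Europe/Gibraltar
# Install OS instead of upgrade
install
# Disk partitioning information
part /boot --fstype ext3 --size=210
part pv.0 --size=0 --grow --ondisk=cciss/c0d0
volgroup vg00 --pesize=32768 pv.0
logvol / --fstype ext3 --name=lv_root --vgname=vg00 --size=15360
logvol /tmp --fstype ext3 --name=lv_tmp --vgname=vg00 --size=2048
logvol /var --fstype ext3 --name=lv_var --vgname=vg00 --size=15360
logvol /var/log --fstype ext3 --name=lv_log --vgname=vg00 --size=51200
logvol /home --fstype ext3 --name=lv_home --vgname=vg00 --size=10240
logvol swap --fstype swap --name=lv_swap --vgname=vg00 --size=6044
# Disable these services
services --disabled=iptables,ip6tables,iscsi,iscsid,netfs,portmap,netconsole,autofs,conman,gpm,mcstrans,rawdevices,restorecond,acpid,anacron,lvm2-monitor,yum-updatesd,anacron,readahead_early,readahead_later,restorecond

# PACKAGES
%packages
# Include these (+deps)
@base
nmap
vim-enhanced
# NOTE(review): nano is both included here and excluded below (-nano); decide
# which is intended.
nano
ntp
net-snmp
# Exclude these
-anacron
# NOTE(review): lvm2 and mkinitrd are excluded although the layout above uses
# LVM; presumably dependency resolution pulls them back in — verify.
-lvm2
-mkinitrd
-exim
-conman.x86_64
-ccid
-cifs-utils
-coolkey
-cryptsetup-luks
-dump
-fedora-release-notes
-finger
-fprintd-pam
-hunspell
-irda-utils
-jwhois
-krb5-workstation
-mdadm
-nano
-nc
-nfs-utils
-ntfs-3g
-ntfsprogs
-pam_krb5
-pcmciautils
-pinfo
-pm-utils
-prelink
-rdate
-rsh
-sendmail
-setuptool
-system-config-firewall-tui
-system-config-network-tui
-talk
-wireless-tools
-words
-yum-langpacks
-yum-presto
-parted
-firstboot
-mkbootdisk
-Deployment_Guide-en-US.noarch
# was "-GConf2.x86_x64": that arch suffix matches nothing, so the exclusion
# never applied
-GConf2.x86_64
-NetworkManager.i386
-NetworkManager.x86_64
-aspell
-aspell-en
-dmraid
-dmraid-events
-redhat-release-notes
-bitstream-vera-fonts.noarch
-bluez-gnome.x86_64
-bluez-libs.x86_64
-bluez-utils.x86_64
-cairo.x86_64
-cups-libs.x86_64
-dhcpv6-client.x86_64
-dmraid.x86_64
-expat.i386
-expat.x86_64
-elfutils-libelf.x86_64
-firstboot-tui.x86_64
-fontconfig.x86_64
-freetype.x86_64
-hicolor-icon-theme.noarch
-htmlview.noarch
-iptables.x86_64
-iptables-ipv6.x86_64
-mkinitrd.i386
-mkinitrd
-iscsi-initiator-utils.x86_64
-krb5-libs.i386
-krb5-libs.x86_64
-kudzu.x86_64
-libX11.x86_64
-libICE.x86_64
-libIDL.x86_64
-libXinerama.x86_64
-libSM.x86_64
-libXau.x86_64
-libXfixes.x86_64
-libXrandr.x86_64
-libXres.x86_64
-mysql.x86_64
-portmap
-postgresql-libs.x86_64
-ppp.x86_64
-system-config-network-tui.noarch
-wireless-tools.x86_64
-wpa_supplicant.x86_64

#--------------------------------------------------------------------
### POST INSTALLATION STUFF
%post
#----------------------------------
KS_SERVER=192.168.190.40
#----------------------------------

# Set the pre-login banner (/etc/issue, which sshd is pointed at below)
/bin/echo "Authorised access only. 
" > /etc/issue

# Set NTP sources
# One-off clock step against the kickstart server, then hand over to ntpd.
/sbin/service ntpd stop
/usr/sbin/ntpdate "$KS_SERVER"
cat > /etc/ntp.conf <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
# gi-inet01/02 are internal NTP sources
server 192.168.190.11
server 192.168.190.12
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
EOF
/sbin/service ntpd start
chkconfig ntpd on

# Set SNMP

# Tighten up SSH
# Each substitution only fires if the stock line is present exactly as
# written; a sshd_config that differs is left unchanged without any error.
/usr/bin/perl -pi.bak -e "s/#PermitRootLogin yes/PermitRootLogin no/g; s/X11Forwarding yes/X11Forwarding no/g; s/#Banner \/some\/path/Banner \/etc\/issue/g; s/#LoginGraceTime 2m/LoginGraceTime 20s/g; s/#UseDNS yes/UseDNS no/g" /etc/ssh/sshd_config

# Set the boot res a bit higher
/usr/bin/perl -pi.bak -e "s/ro root/ro vga=791 root/g" /boot/grub/grub.conf

# Stop CtrlAltDel rebooting the system
/usr/bin/perl -pi.bak -e "s/\/sbin\/shutdown \-t3 \-r now/logout/g" /etc/inittab

# Set some perms
/bin/chmod 0600 /etc/sysctl.conf
/bin/chmod 644 /etc/passwd /etc/group
/bin/chmod 400 /etc/shadow
/bin/chmod 600 /etc/grub.conf
/bin/chown root:root /etc/grub.conf /etc/securetty
/bin/chown root:root /etc/passwd /etc/shadow /etc/group

# Disable ipv6
/usr/bin/perl -pi.bak -e "s/NETWORKING_IPV6=yes/NETWORKING_IPV6=no/g" /etc/sysconfig/network
/bin/echo "alias net-pf-10 off
alias ipv6 off">>/etc/modprobe.conf

# Install htop for Mr Manuel
# NOTE(review): pulled straight from an HTTP URL; nothing here checks the
# package signature first (e.g. rpm -K against an imported key).
rpm -iv "http://$KS_SERVER/ks/extra/packages/htop-0.9-1.el5.rf.x86_64.rpm"

# Set crontabbery
#TODO

# Create some users,will be ldap...
# NOTE(review): both accounts get the same cleartext password, which lives in
# this file; chage -d 0 forces each user to replace it at first login. A
# per-user pre-hashed value would keep the cleartext out of the file
# altogether. (The stray "$1" that followed --stdin was dropped: %post gets no
# positional arguments, so it expanded to nothing.)
/usr/sbin/useradd -m user1 ; echo gibrocks1 | passwd user1 --stdin ; chage -d 0 user1
/usr/sbin/useradd -m user2 ; echo gibrocks1 | passwd user2 --stdin ; chage -d 0 user2

# Set bonding, hostname etc
# More of this script should be moved into these scripts, in time :)
# NOTE(review): these are downloaded over plain HTTP and run as root with no
# integrity check; pin a checksum for each file or serve them over HTTPS.
# config_server.sh only runs if the work directory exists and every download
# succeeded, so a partial fetch is never executed.
if mkdir -p /root/ks_post_install && cd /root/ks_post_install; then
  fetched=yes
  for f in config_server.sh mac_match.sh mac.db; do
    wget "http://$KS_SERVER/ks/extra/scripts/ks_post_install/$f" || fetched=no
  done
  if [ "$fetched" = yes ]; then
    chmod +x ./*.sh
    ./config_server.sh
  else
    echo "ks_post_install: download failed, config_server.sh not run" >&2
  fi
fi

# Tidy up logs
mkdir /root/kickstart_logs
# Move regular files only: the *log* glob also matches kickstart_logs itself,
# which mv cannot move into itself.
for f in /root/*log* /root/*.cfg; do
  [ -f "$f" ] && mv "$f" /root/kickstart_logs/
done
# Owner-only access; capital X keeps directories traversable (a flat 600
# strips the search bit from /root/kickstart_logs).
chmod -R u=rwX,go= /root/*
rm -rf /root/ks_post_install
# Likely a no-op here: %post runs as a non-interactive script, where shell
# history is not normally recorded.
history -c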