1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
# install
# text
# reboot
# # url --mirrorlist="https://mirrors.rockylinux.org/metalink?repo=rocky-$releasever&arch=$basearch"
# # url --url="https://ftp.gwdg.de/pub/linux/rocky/$releasever/Minimal/$basearch/os/"
# lang en_US.UTF-8
# keyboard --vckeymap=us --xlayouts='us'
# timezone Europe/Berlin --isUtc --nontp
# auth --enableshadow --passalgo=sha512
# clearpart --none --initlabel
# bootloader --location=mbr --boot-drive=sda
# part biosboot --fstype="biosboot" --ondisk=sda --size=1
# part / --fstype="ext4" --ondisk=sda --grow --label=SLX_SYS
# url --mirrorlist="https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch"
clearpart --none --initlabel
bootloader --location=mbr --boot-drive=sda
part biosboot --fstype=biosboot --ondisk=sda --size=1
part / --fstype=xfs --asprimary --ondisk=sda --grow --label=SLX_SYS
lang en_US.UTF-8
keyboard --vckeymap=us --xlayouts='us'
timezone Europe/Berlin --isUtc --nontp
text
reboot
%packages
@core
epel-release
curl
git
openssh
python3
vim
wget
%end
%pre --interpreter=/usr/bin/perl
use strict;
use warnings;
use feature 'say';
open(my $fp, '<', '/proc/cmdline') or die $!;
chomp(my $line = scalar <$fp>);
close($fp);
my @tokens = map {/^rootpw=(.*)/ ? $1 : () }
split / /, $line;
exit if @tokens < 1;
my $pw = crypt($tokens[0], "\$6\$1U9v8hxj6xmYNJBA\$");
open($fp, '>', '/tmp/setup-root-pass') or die $!;
say $fp "rootpw --iscrypted $pw";
close($fp);
%end
# small python script to extract the password from the kernel command line
# expects the password given as: rootpw=<password>
# %pre --interpreter=/usr/bin/python
# import shlex, crypt
# arg = 'rootpw='
# with open('/proc/cmdline', 'r') as f:
# kcl = f.read().split()
# # extract the password
# passwords = [x[len(arg):] for x in kcl if x.startswith(arg)]
# if len(passwords) == 1:
# kclpass = passwords[0]
# # TODO sane fallbacks. This should work most of the time though :)
# # generate SHA512 hash
# hash = crypt.crypt(kclpass, crypt.mksalt(crypt.METHOD_SHA512))
# with open('/tmp/setup-root-pass', 'w') as f:
# f.write('rootpw --iscrypted ' + hash)
# %end
# include the created password file
%include /tmp/setup-root-pass
%post --erroronfail
set -x
parted -s /dev/sda -- name 2 SLX_SYS
# rpm --import 'https://www.elrepo.org/RPM-GPG-KEY-elrepo.org'
# yum -y install 'http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm'
# yum-config-manager --enable elrepo-kernel
# yum -y makecache
# yum -y install kernel-ml kernel-ml-devel kernel-ml-headers
# sed -i 's,^GRUB_DEFAULT=.*$,GRUB_DEFAULT=0,' /etc/default/grub
# grub2-mkconfig -o /boot/grub2/grub.cfg
# dnf -y install epel-release
#
#dnf -y install epel-release
dnf -y update
#dnf -y install atop git htop iftop jq mutt nmap nmap-ncat systemd-networkd tcpdump vim wget
#systemctl enable sshd
#alternatives --set python /usr/bin/python3
# allow root login for ansible
sed -i 's,^[[:blank:]]*#*PermitRootLogin.*,PermitRootLogin yes,g' /etc/ssh/sshd_config
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
EOF
set +x
%end
|
