add generic ks, remove the stale file, add c6 ks

kbsingh · kbsingh · commit 823ec0c67e86 · 2019-08-08T13:36:15.000+01:00
diff --git a/cloudimg/CentOS-6-x86_64-hvm.ks b/cloudimg/CentOS-6-x86_64-hvm.ks
@@ -0,0 +1,159 @@
+# Build a basic CentOS 6.5 x86_64
+lang en_US.UTF-8
+keyboard us
+timezone --utc UTC
+auth --useshadow --enablemd5
+rootpw --iscrypted nothing
+selinux --enforcing
+firewall --service=ssh
+bootloader --timeout=1 
+network --bootproto=dhcp --device=eth0 --onboot=on
+services --enabled=network
+zerombr
+clearpart --all --initlabel
+part / --size 4096 --grow --fstype ext4
+reboot
+
+# Repositories
+repo --name=CentOS6-Base --baseurl=http://mirrorsnap.centos.org/DATESTAMP/centos/6/os/x86_64
+repo --name=CentOS6-Updates --baseurl=http://mirrorsnap.centos.org/DATESTAMP/centos/6/updates/x86_64
+repo --name=CentOS6-Extras --baseurl=http://mirrorsnap.centos.org/DATESTAMP/centos/6/extras/x86_64
+
+#
+#
+# Add all the packages after the base packages
+#
+%packages --nobase --instLangs=en
+@core
+system-config-securitylevel-tui
+newt-python
+system-config-firewall-base
+audit
+pciutils
+bash
+coreutils
+kernel
+grub
+e2fsprogs
+passwd
+policycoreutils
+chkconfig
+rootfiles
+yum
+yum-presto
+vim-minimal
+acpid
+openssh-clients
+openssh-server
+curl
+man
+rsync
+#Allow for dhcp access
+dhclient
+iputils
+
+# cloud stuff
+cloud-init
+
+#stuff we really done want
+-kernel-firmware
+-xorg-x11-drv-ati-firmware
+-iwl6000g2a-firmware
+-aic94xx-firmware
+-iwl6000-firmware
+-iwl100-firmware
+-ql2200-firmware
+-libertas-usb8388-firmware
+-ipw2100-firmware
+-atmel-firmware
+-iwl3945-firmware
+-ql2500-firmware
+-rt61pci-firmware
+-ipw2200-firmware
+-iwl6050-firmware
+-iwl1000-firmware
+-bfa-firmware
+-iwl5150-firmware
+-iwl5000-firmware
+-ql2400-firmware
+-rt73usb-firmware
+-ql23xx-firmware
+-iwl4965-firmware
+-ql2100-firmware
+-ivtv-firmware
+-zd1211-firmware
+
+%end
+
+#
+# Add custom post scripts after the base post.
+#
+%post
+%end
+
+# more ec2-ify
+%post --erroronfail
+# disable root password based login
+cat >> /etc/ssh/sshd_config << EOF
+PermitRootLogin without-password
+UseDNS no
+EOF
+
+sed -i 's|PasswordAuthentication yes|PasswordAuthentication no|' /etc/ssh/sshd_config
+
+# set the firstrun flag
+touch /root/firstrun
+
+# lock the root pass
+passwd -l root
+
+# chance dhcp client retry/timeouts to resolve #6866
+cat  >> /etc/dhcp/dhclient.conf << EOF
+
+timeout 300
+retry 60
+EOF
+# set up ssh key fetching and set a random root passwd if needed
+cat >> /etc/rc.local << EOF
+
+# set a random pass on first boot
+if [ -f /root/firstrun ]; then 
+  dd if=/dev/urandom count=50|md5sum|passwd --stdin root
+  passwd -l root
+  rm /root/firstrun
+fi
+
+if [ ! -d /root/.ssh ]; then
+  mkdir -m 0700 -p /root/.ssh
+  restorecon /root/.ssh
+fi
+EOF
+
+# Do some basic cleanup
+sed -i -e 's/^ACTIVE_CONSOLES=\/dev\/tty\[1-6\]/ACTIVE_CONSOLES=\/dev\/tty1/' /etc/sysconfig/init
+
+# make sure the kernel can be updated
+rm /boot/grub/menu.lst
+rm /etc/grub.conf
+ln -s /boot/grub/grub.conf /boot/grub/menu.lst
+ln -s /boot/grub/grub.conf /etc/grub.conf
+cat >> /etc/sysconfig/kernel << EOF
+UPDATEDEFAULT=yes
+DEFAULTKERNEL=kernel
+EOF
+
+# clear out some network stuff 
+sed -i "/HWADDR/d" /etc/sysconfig/network-scripts/ifcfg-eth*
+rm -f /etc/udev/rules.d/*-persistent-net.rules
+touch /etc/udev/rules.d/75-persistent-net-generator.rules
+echo NOZEROCONF=yes >> /etc/sysconfig/network
+
+
+#echo "Zeroing out empty space."
+# This forces the filesystem to reclaim space from deleted files
+dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
+rm -f /var/tmp/zeros
+echo "(Don't worry -- that out-of-space error was expected.)"
+
+%end
+
diff --git a/cloudimg/CentOS-7-x86_64-hvm.ks b/cloudimg/CentOS-7-x86_64-hvm.ks
@@ -1,20 +1,27 @@
+# System authorization information
 auth --enableshadow --passalgo=sha512
+# Reboot after installation
 reboot
-url --url="mirror.centos.org/centos/7/os/x86_64"
+# Use network installation
+url --url="mirrorsnap.centos.org/DATESTAMP/centos/7/os/x86_64"
+# Firewall configuration
 firewall --enabled --service=ssh
 firstboot --disable
 ignoredisk --only-use=vda
+# Keyboard layouts
+# old format: keyboard us
+# new format:
 keyboard --vckeymap=us --xlayouts='us'
 # System language
 lang en_US.UTF-8
-repo --name "os" --baseurl="http://mirror.centos.org/centos/7/os/x86_64/" --cost=100
-repo --name "updates" --baseurl="http://mirror.centos.org/centos/7/updates/x86_64/" --cost=100
-repo --name "extras" --baseurl="http://mirror.centos.org/centos/7/extras/x86_64/" --cost=100
+repo --name "os" --baseurl="http://mirrorsnap.centos.org/DATESTAMP/centos/7/os/x86_64/" --cost=100
+repo --name "updates" --baseurl="http://mirrorsnap.centos.org/DATESTAMP/centos/7/updates/x86_64/" --cost=100
+repo --name "extras" --baseurl="http://mirrorsnap.centos.org/DATESTAMP/centos/7/extras/x86_64/" --cost=100
 # Network information
 network  --bootproto=dhcp
 network  --hostname=localhost.localdomain
 # Root password
-rootpw --iscrypted thereisnopasswordanditslocked
+rootpw --iscrypted nothing
 selinux --enforcing
 services --disabled="kdump" --enabled="network,sshd,rsyslog,chronyd"
 timezone UTC --isUtc
@@ -25,10 +32,16 @@ clearpart --all --initlabel
 part / --fstype="xfs" --ondisk=vda --size=4096 --grow
 
 %post --erroronfail
+
+# workaround anaconda requirements
 passwd -d root
 passwd -l root
 
-# pvgrub support
+# Create grub.conf for EC2. This used to be done by appliance creator but
+# anaconda doesn't do it. And, in case appliance-creator is used, we're
+# overriding it here so that both cases get the exact same file.
+# Note that the console line is different -- that's because EC2 provides
+# different virtual hardware, and this is a convenient way to act differently
 echo -n "Creating grub.conf for pvgrub"
 rootuuid=$( awk '$2=="/" { print $1 };'  /etc/fstab )
 mkdir /boot/grub
@@ -40,23 +53,39 @@ for kv in $( ls -1v /boot/vmlinuz* |grep -v rescue |sed s/.*vmlinuz-//  ); do
   echo -e "\tinitrd /boot/initramfs-$kv.img" >> /boot/grub/grub.conf
   echo
 done
+
+#link grub.conf to menu.lst for ec2 to work
+echo -n "Linking menu.lst to old-style grub.conf for pv-grub"
 ln -sf grub.conf /boot/grub/menu.lst
 ln -sf /boot/grub/grub.conf /etc/grub.conf
 
 # setup systemd to boot to the right runlevel
+echo -n "Setting default runlevel to multiuser text mode"
 rm -f /etc/systemd/system/default.target
 ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
 echo .
 
+# this is installed by default but we don't need it in virt
+echo "Removing linux-firmware package."
 yum -C -y remove linux-firmware
 
 # Remove firewalld; it is required to be present for install/image building.
-# but we dont ship it in cloud
+echo "Removing firewalld."
 yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
+
+# remove avahi and networkmanager
+echo "Removing avahi/zeroconf and NetworkManager"
 yum -C -y remove avahi\* Network\*
+
+echo -n "Getty fixes"
+# although we want console output going to the serial console, we don't
+# actually have the opportunity to login there. FIX.
+# we don't really need to auto-spawn _any_ gettys.
 sed -i '/^#NAutoVTs=.*/ a\
 NAutoVTs=0' /etc/systemd/logind.conf
 
+echo -n "Network fixes"
+# initscripts don't like this file to be missing.
 cat > /etc/sysconfig/network << EOF
 NETWORKING=yes
 NOZEROCONF=yes
@@ -79,6 +108,7 @@ IPV6INIT="no"
 PERSISTENT_DHCLIENT="1"
 EOF
 
+# set virtual-guest as default profile for tuned
 echo "virtual-guest" > /etc/tuned/active_profile
 
 # generic localhost names
@@ -89,6 +119,10 @@ cat > /etc/hosts << EOF
 EOF
 echo .
 
+# Because memory is scarce resource in most cloud/virt environments,
+# and because this impedes forensics, we are differing from the Fedora
+# default of having /tmp on tmpfs.
+echo "Disabling tmpfs for /tmp."
 systemctl mask tmp.mount
 
 cat <<EOL > /etc/sysconfig/kernel
@@ -103,9 +137,18 @@ EOL
 # make sure firstboot doesn't start
 echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
 
+# workaround https://bugzilla.redhat.com/show_bug.cgi?id=966888
+#if ! grep -q growpart /etc/cloud/cloud.cfg; then
+#  sed -i 's/ - resizefs/ - growpart\n - resizefs/' /etc/cloud/cloud.cfg
+#fi
+
+
+#echo -e 'cloud-user\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
+
+echo "Cleaning old yum repodata."
 yum clean all
 
-# XXX instance type markers - MUST match CentOS Infra expectation
+echo "set instance type markers"
 echo 'genclo' > /etc/yum/vars/infra
 
 # chance dhcp client retry/timeouts to resolve #6866
@@ -115,6 +158,15 @@ timeout 300;
 retry 60;
 EOF
 
+# clean up installation logs"
+rm -rf /var/log/yum.log
+rm -rf /var/lib/yum/*
+rm -rf /root/install.log
+rm -rf /root/install.log.syslog
+rm -rf /root/anaconda-ks.cfg
+rm -rf /var/log/anaconda*
+rm -rf /root/anac*
+
 echo "Fixing SELinux contexts."
 touch /var/log/cron
 touch /var/log/boot.log
@@ -124,6 +176,12 @@ mkdir -p /var/cache/yum
 # reorder console entries
 sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
 
+#echo "Zeroing out empty space."
+# This forces the filesystem to reclaim space from deleted files
+dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
+rm -f /var/tmp/zeros
+echo "(Don't worry -- that out-of-space error was expected.)"
+
 %end
 
 %packages
